7.5

CVE-2026-4424

Libarchive: libarchive: information disclosure via heap out-of-bounds read in rar archive processing

A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive processing logic due to improper validation of the LZSS sliding window size after transitions between compression methods. A remote attacker can exploit this by providing a specially crafted RAR archive, leading to the disclosure of sensitive heap memory information without requiring authentication or user interaction.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.88% 0.544
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
secalert@redhat.com 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
0b0ca135-0b70-47e7-9f44-1890c2a1c46c 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://access.redhat.com/security/cve/CVE-2026-4424
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2449006
Third Party Advisory
Issue Tracking
https://github.com/libarchive/libarchive/pull/2898
Third Party Advisory
Issue Tracking
https://access.redhat.com/errata/RHSA-2026:8492
Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:8510
Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:8534
Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:8517
Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:8521
Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:8867
Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:8865
Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:8864
Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:8873
Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:8908
Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:8866
Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:9026
Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:9592
Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:9832
Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:8944
Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:10065
Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:11768
Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:10097
Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:13812
https://access.redhat.com/errata/RHSA-2026:14937
https://access.redhat.com/errata/RHSA-2026:12274
https://access.redhat.com/errata/RHSA-2026:12071
https://access.redhat.com/errata/RHSA-2026:16174
https://access.redhat.com/errata/RHSA-2026:15087
https://access.redhat.com/errata/RHSA-2026:14773
https://access.redhat.com/errata/RHSA-2026:16008
https://access.redhat.com/errata/RHSA-2026:16009
https://access.redhat.com/errata/RHSA-2026:16030
https://access.redhat.com/errata/RHSA-2026:17596
https://access.redhat.com/errata/RHSA-2026:19725
https://access.redhat.com/errata/RHSA-2026:19724
https://access.redhat.com/errata/RHSA-2026:20040
https://access.redhat.com/errata/RHSA-2026:21690
https://access.redhat.com/errata/RHSA-2026:25096
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4424.json