Impact
A flaw in the libarchive library’s archive_read_format_rar_seek_data() function causes an integer overflow that can in turn produce a double‑free condition. The double‑free can corrupt memory and allow an attacker to execute arbitrary code or crash the process. The vulnerability is classified as CWE‑190 (integer overflow or wraparound) and CWE‑415 (double free), and it turns a crafted RAR archive into a vector for code execution or denial of service.
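The two weakness classes named above, shown as an added C example that is not libarchive's code and does not reproduce its internals: a hypothetical reader state, a seek-offset computation with the CWE‑190 guard (overflow-checked addition plus a range check) beside the unchecked arithmetic that silently wraps, and a release routine that nulls the owning pointer so a release on an error path followed by the normal close is a no-op instead of a double free (the CWE‑415 guard). The names reader_state, unchecked_seek, checked_seek, seek_demo, release_buffer, apply_seek and double_release_is_safe are assumptions made for this illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical reader state for illustration; not libarchive's struct. */
struct reader_state {
    uint8_t *unp_buffer;  /* decompression buffer owned by this state */
    int64_t  offset;      /* current logical position within the entry */
    int64_t  size;        /* uncompressed size of the entry */
};

/* Unchecked arithmetic for contrast: cur + delta with wraparound, which is
 * the CWE-190 pattern. Done in unsigned so the wrap itself is well defined. */
int64_t unchecked_seek(int64_t cur, int64_t delta)
{
    return (int64_t)((uint64_t)cur + (uint64_t)delta);
}

/* CWE-190 guard: compute cur + delta only if it neither overflows nor leaves
 * the valid range [0, size]. Returns 0 and stores the result on success, -1
 * on rejection (the caller must treat -1 as a fatal format error). */
int checked_seek(int64_t cur, int64_t delta, int64_t size, int64_t *out)
{
    int64_t result;
    if (__builtin_add_overflow(cur, delta, &result))
        return -1;                    /* would wrap */
    if (result < 0 || result > size)
        return -1;                    /* out of bounds even without a wrap */
    *out = result;
    return 0;
}

/* Convenience wrapper: returns the new offset, or -1 when the seek is rejected. */
int64_t seek_demo(int64_t cur, int64_t delta, int64_t size)
{
    int64_t out = 0;
    return checked_seek(cur, delta, size, &out) == 0 ? out : -1;
}

/* CWE-415 guard: the state is the single owner of unp_buffer; releasing it
 * nulls the pointer so any later release (error path, then close) is a no-op. */
void release_buffer(struct reader_state *s)
{
    free(s->unp_buffer);
    s->unp_buffer = NULL;
}

/* Apply a seek to the state; on a rejected seek, tear down the buffer as an
 * error path would, and return -1. */
int apply_seek(struct reader_state *s, int64_t delta)
{
    int64_t new_off;
    if (checked_seek(s->offset, delta, s->size, &new_off) != 0) {
        release_buffer(s);
        return -1;
    }
    s->offset = new_off;
    return 0;
}

/* Exercise the error path followed by the normal close path: both release the
 * buffer, which must be safe. Returns 1 if the seek was rejected and the
 * buffer pointer is NULL afterwards, 0 otherwise. */
int double_release_is_safe(void)
{
    struct reader_state s;
    s.unp_buffer = malloc(64);
    s.offset = 10;
    s.size = 100;
    if (s.unp_buffer == NULL)
        return 0;
    int rc = apply_seek(&s, INT64_MAX);   /* overflows: error path releases */
    release_buffer(&s);                   /* close path releases again: no-op */
    return rc == -1 && s.unp_buffer == NULL;
}

int main(void)
{
    printf("unchecked INT64_MAX + 1          = %lld\n",
           (long long)unchecked_seek(INT64_MAX, 1));
    printf("checked   10 + 5 (size 100)      = %lld\n",
           (long long)seek_demo(10, 5, 100));
    printf("checked   INT64_MAX + 1 rejected = %d\n",
           seek_demo(INT64_MAX, 1, 100) == -1);
    printf("double release safe              = %d\n", double_release_is_safe());
    return 0;
}
```

The unchecked variant is kept only to show what the guard prevents: with cur = INT64_MAX and delta = 1 it wraps to INT64_MIN, a position that downstream code would never expect and that can drive it down a teardown path it was not designed to repeat. Nulling the owning pointer on every release is the cheap, local fix for the second half of the bug class; it does not replace fixing the arithmetic, but it makes the error path and the close path safe to run back to back.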
Affected Systems
Affected products include many Red Hat distributions and platforms that bundle libarchive. According to the vendor data, this includes Red Hat Compliance Operator 1, Red Hat File Integrity Operator 1, Red Hat Enterprise Linux 6, 7, 8, 9 and 10, Red Hat OpenShift Container Platform 4.14 through 4.20, Red Hat Web Terminal 1.11 and 1.12, Red Hat Discovery 2, Red Hat Insights Proxy 1.5, Red Hat Cert‑Manager operator 1.16, as well as OpenShift distributed tracing 3.5, OpenShift Serverless 1.36 and other related packages. The CVE description does not specify the exact libarchive versions affected, but the referenced errata indicate that the fix is included in libarchive v3.8.0 and in several Red Hat errata packages.
Risk and Exploitability
The CVSS score of 7.8 rates this as a high‑severity flaw, yet the EPSS score of less than 1 % indicates a currently low probability of exploitation. It is not listed in the CISA KEV catalog, so no publicly known active exploitation campaigns are recorded. The most probable attack path requires a component that processes RAR archives via libarchive; by feeding it a malicious archive, an attacker can trigger the double‑free and potentially execute arbitrary code. Because of this potential impact, the vulnerability warrants prompt remediation.
OpenCVE Enrichment
Additional advisory sources referenced for this entry: Debian DLA, EUVD, Ubuntu USN.