Description
A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive processing logic due to improper validation of the LZSS sliding window size after transitions between compression methods. A remote attacker can exploit this by providing a specially crafted RAR archive, leading to the disclosure of sensitive heap memory information without requiring authentication or user interaction.
Published: 2026-03-19
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Information Disclosure
Action: Assess Impact
AI Analysis

Impact

A heap out‑of‑bounds read flaw exists in libarchive’s RAR extraction logic. The problem originates from inadequate validation of the LZSS sliding window size when the parser transitions between compression methods, enabling an attacker to read sensitive data from uninitialized heap memory. The flaw can be triggered by submitting a specially crafted RAR file and does not require authentication or user interaction, exposing the content of the vulnerable host to an attacker. The CWE associated with this weakness is Improper Memory Management – Out‑of‑Bound Read (CWE‑125).

Affected Systems

Red Hat Enterprise Linux 10,6,7,8,9, Red Hat Hardened Images, and Red Hat OpenShift Container Platform 4 are affected through the libarchive library shipped with these distributions. Users of these platforms running applications that employ libarchive for RAR archive extraction should be aware of the vulnerability.

Risk and Exploitability

The CVSS score of 7.5 indicates a high impact vulnerability, yet the EPSS score of less than 1% suggests a low current exploitation probability. This issue is not listed in the CISA KEV catalog. While the advisory states no workaround meets Red Hat’s acceptance criteria, the attack path is inferred to involve the receipt of a malicious RAR file—either via local file upload or processed by a service component—leading to information disclosure. Absence of an official patch at this time elevates the need for monitoring and readiness to apply mitigations when available.

Generated by OpenCVE AI on April 9, 2026 at 19:36 UTC.

Remediation

Vendor Workaround

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.

OpenCVE Recommended Actions

  • Check the Red Hat security portal for any updates or patches for libarchive and apply them as soon as released.
  • If possible, eliminate or restrict the handling of RAR archives within your environment, or replace the extraction component with an alternative library that does not use libarchive.
  • Implement file integrity monitoring to detect unusual or malformed RAR files entering your system.
  • Maintain up‑to‑date system updates and security tools to reduce the risk of exploitation once a fix becomes available.

Generated by OpenCVE AI on April 9, 2026 at 19:36 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 09 Apr 2026 18:00:00 +0000

Type Values Removed Values Added
First Time appeared Redhat hummingbird
CPEs cpe:/a:redhat:hummingbird:1
Vendors & Products Redhat hummingbird

Fri, 20 Mar 2026 09:00:00 +0000

Type Values Removed Values Added
First Time appeared Libarchive
Libarchive libarchive
Redhat openshift Container Platform
Vendors & Products Libarchive
Libarchive libarchive
Redhat openshift Container Platform

Fri, 20 Mar 2026 00:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 threat_severity

Important

Thu, 19 Mar 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 19 Mar 2026 14:30:00 +0000

Type Values Removed Values Added
Description A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive processing logic due to improper validation of the LZSS sliding window size after transitions between compression methods. A remote attacker can exploit this by providing a specially crafted RAR archive, leading to the disclosure of sensitive heap memory information without requiring authentication or user interaction.
Title Libarchive: libarchive: information disclosure via heap out-of-bounds read in rar archive processing
First Time appeared Redhat
Redhat enterprise Linux
Redhat openshift
Weaknesses CWE-125
CPEs cpe:/a:redhat:openshift:4
cpe:/o:redhat:enterprise_linux:10
cpe:/o:redhat:enterprise_linux:6
cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux
Redhat openshift
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

Subscriptions

Libarchive Libarchive
Redhat Enterprise Linux Hummingbird Openshift Openshift Container Platform
cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-04-09T17:27:04.727Z

Reserved: 2026-03-19T12:23:38.191Z

Link: CVE-2026-4424

cve-icon Vulnrichment

Updated: 2026-03-19T17:07:50.644Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-19T15:16:28.300

Modified: 2026-03-20T13:39:46.493

Link: CVE-2026-4424

cve-icon Redhat

Severity : Important

Publid Date: 2026-03-19T00:00:00Z

Links: CVE-2026-4424 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-10T09:46:27Z

Weaknesses