CVE-2026-4111

{"id": "CVE-2026-4111", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "secalert@redhat.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2026-03-13T19:55:13.917", "references": [{"url": "https://access.redhat.com/errata/RHSA-2026:5063", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2026:5080", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2026:6647", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2026:7093", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2026:7105", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2026:7106", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2026:7329", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2026:7335", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/security/cve/CVE-2026-4111", "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2446453", "source": "secalert@redhat.com"}, {"url": "https://github.com/libarchive/libarchive/pull/2877", "source": "secalert@redhat.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-835"}]}], "descriptions": [{"lang": "en", "value": "A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This condition results in an infinite loop that continuously consumes CPU resources. Because the archive passes checksum validation and appears structurally valid, affected applications cannot detect the issue before processing. This can allow attackers to cause persistent denial-of-service conditions in services that automatically process archives."}, {"lang": "es", "value": "Se identific\u00f3 una vulnerabilidad en la l\u00f3gica de descompresi\u00f3n de archivos RAR5 de la biblioteca libarchive, espec\u00edficamente dentro de la ruta de procesamiento de archive_read_data(). Cuando se procesa un archivo RAR5 especialmente manipulado, la rutina de descompresi\u00f3n puede entrar en un estado en el que la l\u00f3gica interna impide el avance. Esta condici\u00f3n resulta en un bucle infinito que consume continuamente recursos de CPU. Debido a que el archivo pasa la validaci\u00f3n de suma de verificaci\u00f3n y parece estructuralmente v\u00e1lido, las aplicaciones afectadas no pueden detectar el problema antes del procesamiento. Esto puede permitir a los atacantes causar condiciones persistentes de denegaci\u00f3n de servicio en servicios que procesan archivos autom\u00e1ticamente."}], "lastModified": "2026-04-09T21:16:12.467", "sourceIdentifier": "secalert@redhat.com"}