CVE-2026-4424

A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive processing logic due to improper validation of the LZSS sliding window size after transitions between compression methods. A remote attacker can exploit this by providing a specially crafted RAR archive, leading to the disclosure of sensitive heap memory information without requiring authentication or user interaction.
References
Link Resource
https://access.redhat.com/errata/RHSA-2026:10065 Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:10097 Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:11768 Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:12071
https://access.redhat.com/errata/RHSA-2026:12274
https://access.redhat.com/errata/RHSA-2026:13812
https://access.redhat.com/errata/RHSA-2026:14773
https://access.redhat.com/errata/RHSA-2026:14937
https://access.redhat.com/errata/RHSA-2026:15087
https://access.redhat.com/errata/RHSA-2026:16008
https://access.redhat.com/errata/RHSA-2026:16009
https://access.redhat.com/errata/RHSA-2026:16030
https://access.redhat.com/errata/RHSA-2026:16174
https://access.redhat.com/errata/RHSA-2026:17596
https://access.redhat.com/errata/RHSA-2026:19724
https://access.redhat.com/errata/RHSA-2026:19725
https://access.redhat.com/errata/RHSA-2026:20040
https://access.redhat.com/errata/RHSA-2026:21690
https://access.redhat.com/errata/RHSA-2026:25096
https://access.redhat.com/errata/RHSA-2026:8492 Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:8510 Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:8517 Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:8521 Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:8534 Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:8864 Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:8865 Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:8866 Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:8867 Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:8873 Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:8908 Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:8944 Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:9026 Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:9592 Third Party Advisory
https://access.redhat.com/errata/RHSA-2026:9832 Third Party Advisory
https://access.redhat.com/security/cve/CVE-2026-4424 Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2449006 Issue Tracking Third Party Advisory
https://github.com/libarchive/libarchive/pull/2898 Issue Tracking Third Party Advisory
Configurations

Configuration 1

OR cpe:2.3:a:libarchive:libarchive:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:hardened_images:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.16:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_arm64:4.16:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_power:4.16:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*

History

10 Jun 2026, 18:17

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2026:25096 -

04 Jun 2026, 18:16

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2026:21690 -

28 May 2026, 03:16

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2026:20040 -

21 May 2026, 04:16

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2026:19724 -

20 May 2026, 17:16

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2026:17596 -
  • () https://access.redhat.com/errata/RHSA-2026:19725 -

14 May 2026, 23:16

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2026:16008 -
  • () https://access.redhat.com/errata/RHSA-2026:16009 -
  • () https://access.redhat.com/errata/RHSA-2026:16030 -

13 May 2026, 16:17

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2026:14773 -
  • () https://access.redhat.com/errata/RHSA-2026:15087 -

12 May 2026, 10:16

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2026:16174 -

11 May 2026, 10:16

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2026:12071 -

09 May 2026, 00:16

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2026:12274 -

07 May 2026, 22:16

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2026:14937 -

05 May 2026, 18:16

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2026:13812 -

30 Apr 2026, 18:44

Type Values Removed Values Added
References () https://access.redhat.com/errata/RHSA-2026:10065 - () https://access.redhat.com/errata/RHSA-2026:10065 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2026:10097 - () https://access.redhat.com/errata/RHSA-2026:10097 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2026:11768 - () https://access.redhat.com/errata/RHSA-2026:11768 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2026:8492 - () https://access.redhat.com/errata/RHSA-2026:8492 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2026:8510 - () https://access.redhat.com/errata/RHSA-2026:8510 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2026:8517 - () https://access.redhat.com/errata/RHSA-2026:8517 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2026:8521 - () https://access.redhat.com/errata/RHSA-2026:8521 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2026:8534 - () https://access.redhat.com/errata/RHSA-2026:8534 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2026:8864 - () https://access.redhat.com/errata/RHSA-2026:8864 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2026:8865 - () https://access.redhat.com/errata/RHSA-2026:8865 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2026:8866 - () https://access.redhat.com/errata/RHSA-2026:8866 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2026:8867 - () https://access.redhat.com/errata/RHSA-2026:8867 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2026:8873 - () https://access.redhat.com/errata/RHSA-2026:8873 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2026:8908 - () https://access.redhat.com/errata/RHSA-2026:8908 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2026:8944 - () https://access.redhat.com/errata/RHSA-2026:8944 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2026:9026 - () https://access.redhat.com/errata/RHSA-2026:9026 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2026:9592 - () https://access.redhat.com/errata/RHSA-2026:9592 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2026:9832 - () https://access.redhat.com/errata/RHSA-2026:9832 - Third Party Advisory
References () https://access.redhat.com/security/cve/CVE-2026-4424 - () https://access.redhat.com/security/cve/CVE-2026-4424 - Third Party Advisory
References () https://bugzilla.redhat.com/show_bug.cgi?id=2449006 - () https://bugzilla.redhat.com/show_bug.cgi?id=2449006 - Issue Tracking, Third Party Advisory
References () https://github.com/libarchive/libarchive/pull/2898 - () https://github.com/libarchive/libarchive/pull/2898 - Issue Tracking, Third Party Advisory
First Time Libarchive
Redhat hardened Images
Redhat openshift Container Platform
Redhat
Redhat enterprise Linux
Redhat openshift Container Platform For Arm64
Libarchive libarchive
Redhat openshift Container Platform For Power
Redhat enterprise Linux Server Aus
CPE cpe:2.3:a:redhat:openshift_container_platform_for_arm64:4.16:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:hardened_images:-:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform_for_power:4.16:*:*:*:*:*:*:*
cpe:2.3:a:libarchive:libarchive:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.16:*:*:*:*:*:*:*

30 Apr 2026, 13:16

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2026:10097 -
  • () https://access.redhat.com/errata/RHSA-2026:11768 -

23 Apr 2026, 07:16

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2026:10065 -

22 Apr 2026, 21:17

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2026:8944 -

22 Apr 2026, 18:16

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2026:9832 -

22 Apr 2026, 07:16

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2026:9592 -

20 Apr 2026, 14:16

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2026:9026 -

20 Apr 2026, 08:16

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2026:8866 -

20 Apr 2026, 06:16

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2026:8908 -

20 Apr 2026, 05:16

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2026:8873 -

20 Apr 2026, 04:16

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2026:8864 -
  • () https://access.redhat.com/errata/RHSA-2026:8865 -

20 Apr 2026, 03:16

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2026:8867 -

16 Apr 2026, 20:16

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2026:8517 -
  • () https://access.redhat.com/errata/RHSA-2026:8521 -

16 Apr 2026, 19:16

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2026:8534 -

16 Apr 2026, 17:16

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2026:8510 -

16 Apr 2026, 15:17

Type Values Removed Values Added
Summary
  • (es) A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive processing logic due to improper validation of the LZSS sliding window size after transitions between compression methods. A remote attacker can exploit this by providing a specially crafted RAR archive, leading to the disclosure of sensitive heap memory information without requiring authentication or user interaction.
References
  • () https://access.redhat.com/errata/RHSA-2026:8492 -

19 Mar 2026, 15:16

Type Values Removed Values Added
New CVE

Information

Published : 2026-03-19 15:16

Updated : 2026-06-10 18:17


NVD link : CVE-2026-4424

Mitre link : CVE-2026-4424

CVE.ORG link : CVE-2026-4424


Products Affected

redhat

  • enterprise_linux_server_aus
  • openshift_container_platform_for_power
  • openshift_container_platform_for_arm64
  • openshift_container_platform
  • enterprise_linux
  • hardened_images

libarchive

  • libarchive
CWE
CWE-125

Out-of-bounds Read