CVE-2026-4111

A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This condition results in an infinite loop that continuously consumes CPU resources. Because the archive passes checksum validation and appears structurally valid, affected applications cannot detect the issue before processing. This can allow attackers to cause persistent denial-of-service conditions in services that automatically process archives.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/errata/RHSA-2026:5063
https://access.redhat.com/errata/RHSA-2026:5080
https://access.redhat.com/security/cve/CVE-2026-4111
https://bugzilla.redhat.com/show_bug.cgi?id=2446453
https://github.com/libarchive/libarchive/pull/2877

Configurations

No configuration.

History

No history.

Information

Published : 2026-03-13 19:55

Updated : 2026-03-19 12:16

NVD link : CVE-2026-4111

Mitre link : CVE-2026-4111

CVE.ORG link : CVE-2026-4111

JSON object : View

Products Affected

No product.

CWE

CWE-835

Loop with Unreachable Exit Condition ('Infinite Loop')

{"id": "CVE-2026-4111", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "secalert@redhat.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2026-03-13T19:55:13.917", "references": [{"url": "https://access.redhat.com/errata/RHSA-2026:5063", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2026:5080", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/security/cve/CVE-2026-4111", "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2446453", "source": "secalert@redhat.com"}, {"url": "https://github.com/libarchive/libarchive/pull/2877", "source": "secalert@redhat.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-835"}]}], "descriptions": [{"lang": "en", "value": "A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This condition results in an infinite loop that continuously consumes CPU resources. Because the archive passes checksum validation and appears structurally valid, affected applications cannot detect the issue before processing. This can allow attackers to cause persistent denial-of-service conditions in services that automatically process archives."}, {"lang": "es", "value": "Se identific\u00f3 una vulnerabilidad en la l\u00f3gica de descompresi\u00f3n de archivos RAR5 de la biblioteca libarchive, espec\u00edficamente dentro de la ruta de procesamiento de archive_read_data(). Cuando se procesa un archivo RAR5 especialmente manipulado, la rutina de descompresi\u00f3n puede entrar en un estado en el que la l\u00f3gica interna impide el avance. Esta condici\u00f3n resulta en un bucle infinito que consume continuamente recursos de CPU. Debido a que el archivo pasa la validaci\u00f3n de suma de verificaci\u00f3n y parece estructuralmente v\u00e1lido, las aplicaciones afectadas no pueden detectar el problema antes del procesamiento. Esto puede permitir a los atacantes causar condiciones persistentes de denegaci\u00f3n de servicio en servicios que procesan archivos autom\u00e1ticamente."}], "lastModified": "2026-03-19T12:16:18.980", "sourceIdentifier": "secalert@redhat.com"}