GHSA-xrqh-48jh-pjv2
A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This condition results in an infinite loop that continuously consumes CPU resources. Because the archive passes checksum validation and appears structurally valid, affected applications cannot detect the issue before processing. This can allow attackers to cause persistent denial-of-service conditions in services that automatically process archives.
Risk Scores
Timeline
- Mar 13, 2026 CVE Published
- Apr 10, 2026 Distribution Patch
- Apr 10, 2026 Distribution Patch
- Apr 10, 2026 Distribution Patch
- Apr 10, 2026 Distribution Patch
- Apr 10, 2026 Distribution Patch
- Apr 10, 2026 Distribution Patch
- Apr 10, 2026 Security Advisory
- Apr 10, 2026 Security Advisory
- Apr 10, 2026 Security Advisory
- Apr 10, 2026 Security Advisory
- Apr 10, 2026 Security Advisory
References
- https://nvd.nist.gov/vuln/detail/CVE-2026-4111 advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2446453 url
- https://github.com/libarchive/libarchive/pull/2877 fix
- https://access.redhat.com/security/cve/CVE-2026-4111 advisory
- https://access.redhat.com/errata/RHSA-2026:9832 advisory
- https://access.redhat.com/errata/RHSA-2026:8865 advisory
- https://access.redhat.com/errata/RHSA-2026:8748 advisory
- https://access.redhat.com/errata/RHSA-2026:8747 advisory
- https://access.redhat.com/errata/RHSA-2026:8746 advisory
- https://access.redhat.com/errata/RHSA-2026:8423 advisory
- https://access.redhat.com/errata/RHSA-2026:7335 advisory
- https://access.redhat.com/errata/RHSA-2026:7329 advisory
- https://access.redhat.com/errata/RHSA-2026:7239 advisory
- https://access.redhat.com/errata/RHSA-2026:7106 advisory
- https://access.redhat.com/errata/RHSA-2026:7105 advisory
- https://access.redhat.com/errata/RHSA-2026:7093 advisory
- https://access.redhat.com/errata/RHSA-2026:6647 advisory
- https://access.redhat.com/errata/RHSA-2026:5080 advisory
- https://access.redhat.com/errata/RHSA-2026:5063 advisory
- https://access.redhat.com/errata/RHSA-2026:10065 advisory
…and 6 more