PT-2026-25310 · Unknown+4 · Libarchive+4

Elhanan Haenel · Published 2026-01-01 · Updated 2026-05-14 · CVE-2026-4111

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions

libarchive (affected versions not specified)

Description

A flaw exists in the RAR5 archive decompression logic within the archive_read_data() processing path of the libarchive library. Processing a specially crafted RAR5 archive can cause the decompression routine to enter a state in which it makes no progress, resulting in an infinite loop that continuously consumes CPU resources. The archive appears structurally valid and passes checksum validation, which makes it difficult for affected applications to detect before processing. This can lead to persistent denial-of-service conditions in services that automatically process archives.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Infinite Loop


Weakness Enumeration

Related identifiers

ALSA-2026:5063
ALSA-2026:5080
BDU:2026-07260
CVE-2026-4111
ECHO-BB19-1016-174F
OESA-2026-1641
OPENSUSE-SU-2026:20797-1
RHSA-2026:5063
RHSA-2026:5080
RHSA-2026:6647
RHSA-2026:7093
RHSA-2026:7105
RHSA-2026:7106
RHSA-2026:8865
RHSA-2026:8944
SUSE-SU-2026:21757-1
SUSE-SU-2026:21831-1
USN-8147-1

Affected products

Linuxmint
Red Os
Rocky Linux
Ubuntu
Libarchive