PT-2026-25310 · Unknown+4 · Libarchive+4

Elhanan Haenel · Published 2026-01-01 · Updated 2026-05-14 · CVE-2026-4111

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

libarchive (affected versions not specified)

Description

A flaw exists in the RAR5 archive decompression logic within the archive_read_data() processing path of the libarchive library. Processing a specially crafted RAR5 archive can cause the decompression routine to enter a state preventing progress, resulting in an infinite loop that continuously consumes CPU resources. The archive appears structurally valid and passes checksum validation, making detection difficult for affected applications before processing. This can lead to persistent denial-of-service conditions in services that automatically process archives.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Infinite Loop

Weakness Enumeration

Related Identifiers

ALSA-2026:5063
ALSA-2026:5080
BDU:2026-07260
CVE-2026-4111
ECHO-BB19-1016-174F
OESA-2026-1641
OPENSUSE-SU-2026:20797-1
RHSA-2026:5063
RHSA-2026:5080
RHSA-2026:6647
RHSA-2026:7093
RHSA-2026:7105
RHSA-2026:7106
RHSA-2026:8865
RHSA-2026:8944
SUSE-SU-2026:21757-1
SUSE-SU-2026:21831-1
USN-8147-1

Affected Products

Linuxmint
Red Os
Rocky Linux
Ubuntu
Libarchive