HIGH SeverityCVSS 3.17.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2026-4424
Last updated Apr 16, 2026 · Published Mar 19, 2026
Description
A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive processing logic due to improper validation of the LZSS sliding window size after transitions between compression methods. A remote attacker can exploit this by providing a specially crafted RAR archive, leading to the disclosure of sensitive heap memory information without requiring authentication or user interaction.
Affected products
1 listed- Red Hat:Red Hat Enterprise Linux 10; Red Hat:Red Hat Enterprise Linux 6; Red Hat:Red Hat Enterprise Linux 7 Extended Lifecycle Support; Red Hat:Red Hat Enterprise Linux 8; Red Hat:Red Hat Enterprise Linux 8.2 Advanced Update Support; Red Hat:Red Hat Enterprise Linux 9; Red Hat:Red Hat Hardened Images; Red Hat:Red Hat OpenShift Container Platform 4
Mappings
CWE
CWE-125
CAPEC
None listed.
CVE® content © MITRE Corporation. Licensed under the CVE Terms of Use. Terms