2446453 – (CVE-2026-4111) CVE-2026-4111 libarchive: Infinite Loop Denial of Service in RAR5 Decompression via archive_read_data() in libarchive

Bug 2446453 (CVE-2026-4111) - CVE-2026-4111 libarchive: Infinite Loop Denial of Service in RAR5 Decompression via archive_read_data() in libarchive

Summary: CVE-2026-4111 libarchive: Infinite Loop Denial of Service in RAR5 Decompressi...

Keywords:
Status:	NEW
Alias:	CVE-2026-4111
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2448049 2448050 2448051
Blocks:
TreeView+	depends on / blocked

Reported:	2026-03-11 11:27 UTC by OSIDB Bzimport
Modified:	2026-03-19 11:39 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2026:5063	0	None	None	None	2026-03-19 08:08:33 UTC
Red Hat Product Errata	RHSA-2026:5080	0	None	None	None	2026-03-19 11:39:52 UTC

Description OSIDB Bzimport 2026-03-11 11:27:56 UTC

An Infinite Loop Denial-of-Service vulnerability exists in the RAR5 decompression implementation of libarchive. The flaw occurs in the uncompress_file() routine within archive_read_support_format_rar5.c due to a logical deadlock between the filter activation threshold and the half-window output limiter. When a specially crafted RAR5 archive is processed through archive_read_data(), the decompressor enters a state where neither the filter activation condition nor the output window progress condition can be satisfied. As a result, the loop continues indefinitely while consuming 100% CPU. Because the archive passes all CRC and checksum validation, the issue can be triggered using a valid-looking archive without authentication or user interaction. This allows attackers to exhaust worker threads or processing pipelines in applications that automatically extract or scan archives.

Comment 2 errata-xmlrpc 2026-03-19 08:08:32 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:5063 https://access.redhat.com/errata/RHSA-2026:5063

Comment 3 errata-xmlrpc 2026-03-19 11:39:51 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:5080 https://access.redhat.com/errata/RHSA-2026:5080

Note You need to log in before you can comment on or make changes to this bug.