QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2026-4424

Back to search

CVE-2026-4424

Published: Mar 19, 2026

Modified: Jun 4, 2026

PUBLISHED

CVSS v3.1

7.5

HIGH

Description

A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive processing logic due to improper validation of the LZSS sliding window size after transitions between compression methods. A remote attacker can exploit this by providing a specially crafted RAR archive, leading to the disclosure of sensitive heap memory information without requiring authentication or user interaction.

VendorProductVersions

Red Hat

Red Hat Enterprise Linux 10

unaffected
0:3.7.7-8.el10_1 - < *

Red Hat

Red Hat Enterprise Linux 10.0 Extended Update Support

unaffected
0:3.7.7-5.el10_0 - < *

Red Hat

Red Hat Enterprise Linux 7 Extended Lifecycle Support

unaffected
0:3.1.2-14.el7_9.2 - < *

Red Hat

Red Hat Enterprise Linux 8

unaffected
0:3.3.3-7.el8_10 - < *

Red Hat

Red Hat Enterprise Linux 8.2 Advanced Update Support

unaffected
0:3.3.2-8.el8_2.2 - < *

Red Hat

Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support

unaffected
0:3.3.3-1.el8_4.2 - < *

Red Hat

Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On

unaffected
0:3.3.3-1.el8_4.2 - < *

Red Hat

Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support

unaffected
0:3.3.3-6.el8_6.1 - < *

Red Hat

Red Hat Enterprise Linux 8.6 Telecommunications Update Service

unaffected
0:3.3.3-6.el8_6.1 - < *

Red Hat

Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions

unaffected
0:3.3.3-6.el8_6.1 - < *

Red Hat

Red Hat Enterprise Linux 8.8 Telecommunications Update Service

unaffected
0:3.3.3-5.el8_8.2 - < *

Red Hat

Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions

unaffected
0:3.3.3-5.el8_8.2 - < *

Red Hat

Red Hat Enterprise Linux 9

unaffected
0:3.5.3-9.el9_7 - < *

Red Hat

Red Hat Enterprise Linux 9

unaffected
0:3.5.3-9.el9_7 - < *

Red Hat

Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

unaffected
0:3.5.3-2.el9_0.4 - < *

Red Hat

Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions

unaffected
0:3.5.3-5.el9_2.2 - < *

Red Hat

Red Hat Enterprise Linux 9.4 Extended Update Support

unaffected
0:3.5.3-5.el9_4 - < *

Red Hat

Red Hat Enterprise Linux 9.6 Extended Update Support

unaffected
0:3.5.3-7.el9_6.1 - < *

Red Hat

Red Hat OpenShift Container Platform 4.12

unaffected
412.86.202604281506-0 - < *

Red Hat

Red Hat OpenShift Container Platform 4.13

unaffected
413.92.202605271328-0 - < *

Red Hat

Red Hat OpenShift Container Platform 4.14

unaffected
414.92.202605060243-0 - < *

Red Hat

Red Hat OpenShift Container Platform 4.15

unaffected
415.92.202605060220-0 - < *

Red Hat

Red Hat OpenShift Container Platform 4.16

unaffected
416.94.202604211449-0 - < *

Red Hat

Red Hat OpenShift Container Platform 4.17

unaffected
417.94.202605112123-0 - < *

Red Hat

Red Hat OpenShift Container Platform 4.18

unaffected
418.94.202604240015-0 - < *

Red Hat

Red Hat OpenShift Container Platform 4.19

unaffected
4.19.9.6.202605201155-0 - < *

Red Hat

RHEL-8 based Middleware Containers

unaffected
7.13.5-4.1777325677 - < *

Red Hat

RHEL-8 based Middleware Containers

unaffected
7.13.5-4.1777325711 - < *

Red Hat

RHEL-8 based Middleware Containers

unaffected
7.13.5-4.1777325710 - < *

Red Hat

RHEL-8 based Middleware Containers

unaffected
7.13.5-3.1777325680 - < *

Red Hat

RHEL-8 based Middleware Containers

unaffected
7.13.5-4.1777325709 - < *

Red Hat

RHEL-8 based Middleware Containers

unaffected
7.13.5-4.1777325680 - < *

Red Hat

RHEL-8 based Middleware Containers

unaffected
7.13.5-4.1777325708 - < *

Red Hat

Red Hat AI Inference Server 3.2

unaffected
1779223654 - < *

Red Hat

Red Hat AI Inference Server 3.2

unaffected
1779223651 - < *

Red Hat

Red Hat AI Inference Server 3.3

unaffected
1778244559 - < *

Red Hat

Red Hat AI Inference Server 3.3

unaffected
1778244531 - < *

Red Hat

Red Hat AI Inference Server 3.3

unaffected
1778274666 - < *

Red Hat

Red Hat AI Inference Server 3.3

unaffected
1778244546 - < *

Red Hat

Red Hat Discovery 2

unaffected
1778101579 - < *

Red Hat

Red Hat Discovery 2

unaffected
1778156756 - < *

Red Hat

Red Hat Hardened Images

unaffected
3.8.7-1.hum1 - < *

Red Hat

Red Hat Insights proxy 1.5

unaffected
1776868961 - < *

Red Hat

Red Hat Update Infrastructure 5

unaffected
1776868774 - < *

Red Hat

Red Hat Update Infrastructure 5

unaffected
1776868744 - < *

Red Hat

Red Hat Update Infrastructure 5

unaffected
1776868772 - < *

Red Hat

Red Hat Update Infrastructure 5

unaffected
1776868842 - < *

Red Hat

Red Hat Update Infrastructure 5

unaffected
1777459441 - < *

Red Hat

Red Hat Update Infrastructure 5

unaffected
1777454300 - < *

Red Hat

Red Hat Update Infrastructure 5

unaffected
1777459504 - < *

Red Hat

Red Hat Enterprise Linux 6

All versions

Weaknesses (CWE)

CWE-125

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

References

RHSA-2026:10065
vendor-advisory
x_refsource_REDHAT
RHSA-2026:10097
vendor-advisory
x_refsource_REDHAT
RHSA-2026:11768
vendor-advisory
x_refsource_REDHAT
RHSA-2026:12071
vendor-advisory
x_refsource_REDHAT
RHSA-2026:12274
vendor-advisory
x_refsource_REDHAT
RHSA-2026:13812
vendor-advisory
x_refsource_REDHAT
RHSA-2026:14773
vendor-advisory
x_refsource_REDHAT
RHSA-2026:14937
vendor-advisory
x_refsource_REDHAT
RHSA-2026:15087
vendor-advisory
x_refsource_REDHAT
RHSA-2026:16008
vendor-advisory
x_refsource_REDHAT
RHSA-2026:16009
vendor-advisory
x_refsource_REDHAT
RHSA-2026:16030
vendor-advisory
x_refsource_REDHAT
RHSA-2026:16174
vendor-advisory
x_refsource_REDHAT
RHSA-2026:17596
vendor-advisory
x_refsource_REDHAT
RHSA-2026:19724
vendor-advisory
x_refsource_REDHAT
RHSA-2026:19725
vendor-advisory
x_refsource_REDHAT
RHSA-2026:20040
vendor-advisory
x_refsource_REDHAT
RHSA-2026:21690
vendor-advisory
x_refsource_REDHAT
RHSA-2026:8492
vendor-advisory
x_refsource_REDHAT
RHSA-2026:8510
vendor-advisory
x_refsource_REDHAT
RHSA-2026:8517
vendor-advisory
x_refsource_REDHAT
RHSA-2026:8521
vendor-advisory
x_refsource_REDHAT
RHSA-2026:8534
vendor-advisory
x_refsource_REDHAT
RHSA-2026:8864
vendor-advisory
x_refsource_REDHAT
RHSA-2026:8865
vendor-advisory
x_refsource_REDHAT
RHSA-2026:8866
vendor-advisory
x_refsource_REDHAT
RHSA-2026:8867
vendor-advisory
x_refsource_REDHAT
RHSA-2026:8873
vendor-advisory
x_refsource_REDHAT
RHSA-2026:8908
vendor-advisory
x_refsource_REDHAT
RHSA-2026:8944
vendor-advisory
x_refsource_REDHAT
RHSA-2026:9026
vendor-advisory
x_refsource_REDHAT
RHSA-2026:9592
vendor-advisory
x_refsource_REDHAT
RHSA-2026:9832
vendor-advisory
x_refsource_REDHAT
RHBZ#2449006
issue-tracking
x_refsource_REDHAT

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now