EUVD-2026-13097
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
3Description
A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive processing logic due to improper validation of the LZSS sliding window size after transitions between compression methods. A remote attacker can exploit this by providing a specially crafted RAR archive, leading to the disclosure of sensitive heap memory information without requiring authentication or user interaction.
Analysis
Information disclosure in libarchive's RAR processing allows remote attackers to leak sensitive heap memory by submitting specially crafted archives that exploit improper validation of compression method transitions. The vulnerability requires no authentication or user interaction and affects any application using libarchive to process untrusted RAR files. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Identify and inventory all systems running affected Red Hat versions (RHEL 6-10, OpenShift 4) and libarchive; disable RAR archive processing where operationally feasible and document business justification for any exceptions. Within 7 days: Implement network segmentation to restrict untrusted external uploads of RAR archives; deploy Web Application Firewall rules to block RAR files at ingress points; brief leadership on risk acceptance if remediation cannot be completed. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today