CVE-2026-4111 : Libarchive: infinite loop denial of service in rar5 decompression via archive_read_data() in libarchive

获取后续新漏洞提醒登录后订阅

一、漏洞 CVE-2026-4111 基础信息

漏洞信息

对漏洞内容有疑问？看看神龙的深度分析是否有帮助！

查看神龙十问 ↗

尽管我们使用了先进的大模型技术，但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性，但请您根据实际情况进行核实和判断。

Vulnerability Title

Libarchive: infinite loop denial of service in rar5 decompression via archive_read_data() in libarchive

来源: 美国国家漏洞数据库 NVD

Vulnerability Description

A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This condition results in an infinite loop that continuously consumes CPU resources. Because the archive passes checksum validation and appears structurally valid, affected applications cannot detect the issue before processing. This can allow attackers to cause persistent denial-of-service conditions in services that automatically process archives.

来源: 美国国家漏洞数据库 NVD

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

来源: 美国国家漏洞数据库 NVD

Vulnerability Type

不可达退出条件的循环(无限循环)

来源: 美国国家漏洞数据库 NVD

Vulnerability Title

Red Hat Enterprise Linux 10 安全漏洞

来源: 中国国家信息安全漏洞库 CNNVD

Vulnerability Description

Red Hat Enterprise Linux 10是美国红帽（Red Hat）公司的一套面向企业用户的Linux操作系统。 Red Hat Enterprise Linux 10存在安全漏洞，该漏洞源于RAR5归档解压逻辑问题，可能导致无限循环和拒绝服务。

来源: 中国国家信息安全漏洞库 CNNVD

CVSS Information

N/A

来源: 中国国家信息安全漏洞库 CNNVD

Vulnerability Type

N/A

来源: 中国国家信息安全漏洞库 CNNVD

受影响产品

厂商	产品	影响版本	CPE
Red Hat	Red Hat Enterprise Linux 10	0:3.7.7-5.el10_1 ~ *	`cpe:/o:redhat:enterprise_linux:10.1`
Red Hat	Red Hat Enterprise Linux 10.0 Extended Update Support	0:3.7.7-5.el10_0 ~ *	`cpe:/o:redhat:enterprise_linux_eus:10.0`
Red Hat	Red Hat Enterprise Linux 9	0:3.5.3-7.el9_7 ~ *	`cpe:/a:redhat:enterprise_linux:9::appstream`
Red Hat	Red Hat Enterprise Linux 9	0:3.5.3-7.el9_7 ~ *	`cpe:/a:redhat:enterprise_linux:9::appstream`
Red Hat	Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions	0:3.5.3-2.el9_0.3 ~ *	`cpe:/o:redhat:rhel_e4s:9.0::baseos`
Red Hat	Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions	0:3.5.3-5.el9_2.1 ~ *	`cpe:/a:redhat:rhel_e4s:9.2::appstream`
Red Hat	Red Hat Enterprise Linux 9.4 Extended Update Support	0:3.5.3-4.el9_4.2 ~ *	`cpe:/a:redhat:rhel_eus:9.4::appstream`
Red Hat	Red Hat Enterprise Linux 9.6 Extended Update Support	0:3.5.3-6.el9_6.1 ~ *	`cpe:/o:redhat:rhel_eus:9.6::baseos`
Red Hat	Red Hat OpenShift Container Platform 4.13	413.92.202604080111-0 ~ *	`cpe:/a:redhat:openshift:4.13::el9`
Red Hat	Red Hat OpenShift Container Platform 4.18	418.94.202604140044-0 ~ *	`cpe:/a:redhat:openshift:4.18::el9`
Red Hat	Red Hat AI Inference Server 3.2	sha256:54616c9f3e4d27120504b0b2020432ef3ff85286a50de7be842f05df0cfcd69e ~ *	`cpe:/a:redhat:ai_inference_server:3.2::el9`
Red Hat	Red Hat AI Inference Server 3.3	sha256:0ec114881d9dcd28a5dbbb2ec0ea1301ad87d5ae133121ce8167ef29d19802cc ~ *	`cpe:/a:redhat:ai_inference_server:3.3::el9`
Red Hat	Red Hat AI Inference Server 3.3	sha256:813ba7ccd1696b44deb90d9e6cd8af114bdb47781eae7f27246a81fba062a892 ~ *	`cpe:/a:redhat:ai_inference_server:3.3::el9`
Red Hat	Red Hat AI Inference Server 3.3	sha256:be6d568f28044533e4ad80f0856407c359e2eaf31a6b89cada433e6575d2300e ~ *	`cpe:/a:redhat:ai_inference_server:3.3::el9`
Red Hat	Red Hat Discovery 2	sha256:040dadd657afdb9f0914f896a4962fd3dbf40b70c8037e4d72b6801b766c9b7d ~ *	`cpe:/a:redhat:discovery:2::el9`
Red Hat	Red Hat Discovery 2	sha256:062310de4b34e278f8c7e4634def673a77d1228d493541ef1264ba4cb83b68eb ~ *	`cpe:/a:redhat:discovery:2::el9`
Red Hat	Red Hat Insights proxy 1.5	sha256:16b5fab54718cedc94d43f2bd55bd14a469cfbfbbbd0fe634ed81783196d2f42 ~ *	`cpe:/a:redhat:insights_proxy:1.5::el9`
Red Hat	Red Hat Update Infrastructure 5	sha256:8ac1507077086484155f94d2289df0f1d22bfe8f5f15589d6b354f11fe21d930 ~ *	`cpe:/a:redhat:rhui:5::el9`
Red Hat	Red Hat Update Infrastructure 5	sha256:8e13332d210961a93746eb0bd3761fa220dc710aada98b121320184aef2e5709 ~ *	`cpe:/a:redhat:rhui:5::el9`
Red Hat	Red Hat Update Infrastructure 5	sha256:8fbf461b33717d3463e4f802b1a257b7e43d60c3e9568f710df83db36a04a4fe ~ *	`cpe:/a:redhat:rhui:5::el9`
Red Hat	Red Hat Update Infrastructure 5	sha256:7eae5b16539484129c6ce169b41a3e1da7d7dd1296d2677acf7e9c3d1bce00ed ~ *	`cpe:/a:redhat:rhui:5::el9`
Red Hat	Red Hat Enterprise Linux 6	-	`cpe:/o:redhat:enterprise_linux:6`
Red Hat	Red Hat Enterprise Linux 7	-	`cpe:/o:redhat:enterprise_linux:7`
Red Hat	Red Hat Enterprise Linux 8	-	`cpe:/o:redhat:enterprise_linux:8`
Red Hat	Red Hat Hardened Images	-	`cpe:/a:redhat:hummingbird:1`

二、漏洞 CVE-2026-4111 的公开POC

#	POC 描述	源链接	神龙链接

AI 生成 POC高级

kimi-k2.5 · 7814 chars

付费版包含：

漏洞原理深度分析

触发条件与影响面

完整可执行 POC 代码

利用链与缓解建议

POC 打包下载

每月 100+ 条 AI 生成额度

升级 Pro 解锁 ¥99/月先注册

三、漏洞 CVE-2026-4111 的情报信息

Please 登录 to view more intelligence information

https://access.redhat.com/security/cve/CVE-2026-4111vdb-entryx_refsource_REDHAT
https://github.com/libarchive/libarchive/pull/2877
https://bugzilla.redhat.com/show_bug.cgi?id=2446453issue-trackingx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:8747vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:7239vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:6647vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:7106vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:7105vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:9832vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:7329vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:8748vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:7093vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:5080vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:8423vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:7335vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:8746vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:8865vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:5063vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:10065vendor-advisoryx_refsource_REDHAT
https://nvd.nist.gov/vuln/detail/CVE-2026-4111

四、漏洞 CVE-2026-4111 的评论

暂无评论

支持本站 — 捐款将帮助我们持续运营

一、漏洞 CVE-2026-4111 基础信息

漏洞信息

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

受影响产品

二、漏洞 CVE-2026-4111 的公开POC

三、漏洞 CVE-2026-4111 的情报信息

四、漏洞 CVE-2026-4111 的评论

发表评论

支持本站 — 捐款将帮助我们持续运营

一、 漏洞 CVE-2026-4111 基础信息

漏洞信息

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

受影响产品

二、漏洞 CVE-2026-4111 的公开POC

三、漏洞 CVE-2026-4111 的情报信息

四、漏洞 CVE-2026-4111 的评论

发表评论

一、漏洞 CVE-2026-4111 基础信息