Description
A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This condition results in an infinite loop that continuously consumes CPU resources. Because the archive passes checksum validation and appears structurally valid, affected applications cannot detect the issue before processing. This can allow attackers to cause persistent denial-of-service conditions in services that automatically process archives.
Scores
CVSS v3
7.5
EPSS
0.0003
EPSS Percentile
10.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-835
Status
published
Products (47)
Red Hat/Red Hat AI Inference Server 3.2
1775740563
Red Hat/Red Hat AI Inference Server 3.2
sha256:54616c9f3e4d27120504b0b2020432ef3ff85286a50de7be842f05df0cfcd69e
Red Hat/Red Hat AI Inference Server 3.3
1775680192
Red Hat/Red Hat AI Inference Server 3.3
1775680262
Red Hat/Red Hat AI Inference Server 3.3
1775749857
Red Hat/Red Hat AI Inference Server 3.3
sha256:0ec114881d9dcd28a5dbbb2ec0ea1301ad87d5ae133121ce8167ef29d19802cc
Red Hat/Red Hat AI Inference Server 3.3
sha256:813ba7ccd1696b44deb90d9e6cd8af114bdb47781eae7f27246a81fba062a892
Red Hat/Red Hat AI Inference Server 3.3
sha256:be6d568f28044533e4ad80f0856407c359e2eaf31a6b89cada433e6575d2300e
Red Hat/Red Hat Discovery 2
1775668717
Red Hat/Red Hat Discovery 2
1775675922
... and 37 more
Published
Mar 13, 2026
Tracked Since
Mar 14, 2026