UBUNTU-CVE-2026-4111
- Source
- https://ubuntu.com/security/CVE-2026-4111
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-4111.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2026-4111
- Upstream
- Published
- 2026-03-13T19:55:00Z
- Modified
- 2026-03-19T05:25:34Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Ubuntu - medium
- Summary
- [none]
- Details
-
A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archivereaddata() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This condition results in an infinite loop that continuously consumes CPU resources. Because the archive passes checksum validation and appears structurally valid, affected applications cannot detect the issue before processing. This can allow attackers to cause persistent denial-of-service conditions in services that automatically process archives.
- References
Affected packages
Ubuntu:20.04:LTS
libarchive
Package
- Name
- libarchive
- Purl
- pkg:deb/ubuntu/libarchive@3.4.0-2ubuntu1.5?arch=source&distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
3.*
3.4.0-1
3.4.0-1build1
3.4.0-1ubuntu2
3.4.0-2ubuntu1
3.4.0-2ubuntu1.1
3.4.0-2ubuntu1.2
3.4.0-2ubuntu1.3
3.4.0-2ubuntu1.4
3.4.0-2ubuntu1.5
Ubuntu:22.04:LTS
libarchive
Package
- Name
- libarchive
- Purl
- pkg:deb/ubuntu/libarchive@3.6.0-1ubuntu1.5?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
3.*
3.4.3-2
3.4.3-2build1
3.5.2-1
3.5.2-1ubuntu1
3.6.0-1ubuntu1
3.6.0-1ubuntu1.1
3.6.0-1ubuntu1.2
3.6.0-1ubuntu1.3
3.6.0-1ubuntu1.4
3.6.0-1ubuntu1.5
Ubuntu:24.04:LTS
libarchive
Package
- Name
- libarchive
- Purl
- pkg:deb/ubuntu/libarchive@3.7.2-2ubuntu0.5?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
3.*
3.6.2-1ubuntu1
3.7.2-1ubuntu1
3.7.2-1ubuntu2
3.7.2-1.1ubuntu2
3.7.2-2
3.7.2-2ubuntu0.1
3.7.2-2ubuntu0.2
3.7.2-2ubuntu0.3
3.7.2-2ubuntu0.4
3.7.2-2ubuntu0.5
Ubuntu:25.10
libarchive
Package
- Name
- libarchive
- Purl
- pkg:deb/ubuntu/libarchive@3.7.7-0ubuntu3?arch=source&distro=questing
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ubuntu:Pro:14.04:LTS
libarchive
Package
- Name
- libarchive
- Purl
- pkg:deb/ubuntu/libarchive@3.1.2-7ubuntu2.8+esm3?arch=source&distro=esm-infra-legacy/trusty
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
3.*
3.1.2-5ubuntu1
3.1.2-7ubuntu1
3.1.2-7ubuntu2
3.1.2-7ubuntu2.1
3.1.2-7ubuntu2.2
3.1.2-7ubuntu2.3
3.1.2-7ubuntu2.4
3.1.2-7ubuntu2.6
3.1.2-7ubuntu2.7
3.1.2-7ubuntu2.8
3.1.2-7ubuntu2.8+esm1
3.1.2-7ubuntu2.8+esm3
Ecosystem specific
{
"binaries": [
{
"binary_version": "3.1.2-7ubuntu2.8+esm3",
"binary_name": "bsdcpio"
},
{
"binary_version": "3.1.2-7ubuntu2.8+esm3",
"binary_name": "bsdtar"
},
{
"binary_version": "3.1.2-7ubuntu2.8+esm3",
"binary_name": "libarchive-dev"
},
{
"binary_version": "3.1.2-7ubuntu2.8+esm3",
"binary_name": "libarchive13"
}
]
}Ubuntu:Pro:16.04:LTS
libarchive
Package
- Name
- libarchive
- Purl
- pkg:deb/ubuntu/libarchive@3.1.2-11ubuntu0.16.04.8+esm1?arch=source&distro=esm-infra/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
3.*
3.1.2-11build1
3.1.2-11ubuntu0.16.04.1
3.1.2-11ubuntu0.16.04.2
3.1.2-11ubuntu0.16.04.3
3.1.2-11ubuntu0.16.04.4
3.1.2-11ubuntu0.16.04.5
3.1.2-11ubuntu0.16.04.6
3.1.2-11ubuntu0.16.04.7
3.1.2-11ubuntu0.16.04.8
3.1.2-11ubuntu0.16.04.8+esm1
Ecosystem specific
{
"binaries": [
{
"binary_version": "3.1.2-11ubuntu0.16.04.8+esm1",
"binary_name": "bsdcpio"
},
{
"binary_version": "3.1.2-11ubuntu0.16.04.8+esm1",
"binary_name": "bsdtar"
},
{
"binary_version": "3.1.2-11ubuntu0.16.04.8+esm1",
"binary_name": "libarchive-dev"
},
{
"binary_version": "3.1.2-11ubuntu0.16.04.8+esm1",
"binary_name": "libarchive13"
}
]
}Ubuntu:Pro:18.04:LTS
libarchive
Package
- Name
- libarchive
- Purl
- pkg:deb/ubuntu/libarchive@3.2.2-3.1ubuntu0.7+esm1?arch=source&distro=esm-infra/bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
3.*
3.2.2-3.1
3.2.2-3.1ubuntu0.1
3.2.2-3.1ubuntu0.2
3.2.2-3.1ubuntu0.3
3.2.2-3.1ubuntu0.4
3.2.2-3.1ubuntu0.5
3.2.2-3.1ubuntu0.6
3.2.2-3.1ubuntu0.7
3.2.2-3.1ubuntu0.7+esm1
Ecosystem specific
{
"binaries": [
{
"binary_version": "3.2.2-3.1ubuntu0.7+esm1",
"binary_name": "bsdcpio"
},
{
"binary_version": "3.2.2-3.1ubuntu0.7+esm1",
"binary_name": "bsdtar"
},
{
"binary_version": "3.2.2-3.1ubuntu0.7+esm1",
"binary_name": "libarchive-dev"
},
{
"binary_version": "3.2.2-3.1ubuntu0.7+esm1",
"binary_name": "libarchive-tools"
},
{
"binary_version": "3.2.2-3.1ubuntu0.7+esm1",
"binary_name": "libarchive13"
}
]
}