Nixpkgs Security Tracker

Permalink CVE-2026-4111

7.5 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): NONE
Availability impact (A): HIGH

updated 1 week, 6 days ago by @LeSuisse Activity log

Created automatic suggestion 2 weeks, 2 days ago
@LeSuisse removed
28 packages
- libarchive-qt
- haskellPackages.libarchive
- kodiPackages.vfs-libarchive
- perlPackages.ArchiveLibarchive
- python312Packages.libarchive-c
- python313Packages.libarchive-c
- python314Packages.libarchive-c
- haskellPackages.libarchive-clib
- perl5Packages.ArchiveLibarchive
- perl538Packages.ArchiveLibarchive
- perl540Packages.ArchiveLibarchive
- haskellPackages.archive-libarchive
- haskellPackages.libarchive-conduit
- perlPackages.ArchiveLibarchivePeek
- perlPackages.TestArchiveLibarchive
- perl5Packages.ArchiveLibarchivePeek
- perl5Packages.TestArchiveLibarchive
- perl538Packages.ArchiveLibarchivePeek
- perl538Packages.TestArchiveLibarchive
- perl540Packages.ArchiveLibarchivePeek
- perl540Packages.TestArchiveLibarchive
- perlPackages.ArchiveLibarchiveExtract
- perl5Packages.ArchiveLibarchiveExtract
- perl538Packages.ArchiveLibarchiveExtract
- perl540Packages.ArchiveLibarchiveExtract
- python312Packages.extractcode-libarchive
- python313Packages.extractcode-libarchive
- python314Packages.extractcode-libarchive
1 week, 6 days ago
@LeSuisse accepted 1 week, 6 days ago
@LeSuisse published on GitHub 1 week, 6 days ago

Libarchive: infinite loop denial of service in rar5 decompression via archive_read_data() in libarchive

A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This condition results in an infinite loop that continuously consumes CPU resources. Because the archive passes checksum validation and appears structurally valid, affected applications cannot detect the issue before processing. This can allow attackers to cause persistent denial-of-service conditions in services that automatically process archives.

References

RHBZ#2446453 issue-tracking x_refsource_REDHAT
https://github.com/libarchive/libarchive/pull/2877
https://access.redhat.com/security/cve/CVE-2026-4111 x_refsource_REDHAT vdb-entry

Affected products

rhcos

libarchive

Matching in nixpkgs

pkgs.libarchive

Multi-format archive and compression library

nixos-unstable 3.8.4
- nixpkgs-unstable 3.8.4
- nixos-unstable-small 3.8.4
nixos-25.11 3.8.4
- nixos-25.11-small 3.8.4
- nixpkgs-25.11-darwin 3.8.4

Ignored packages (28)

pkgs.libarchive-qt

Qt based archiving solution with libarchive backend

nixos-unstable 2.0.8
- nixpkgs-unstable 2.0.8
- nixos-unstable-small 2.0.8
nixos-25.11 2.0.8
- nixos-25.11-small 2.0.8
- nixpkgs-25.11-darwin 2.0.8

pkgs.haskellPackages.libarchive

Haskell interface to libarchive

nixos-unstable 3.0.5.0
- nixpkgs-unstable 3.0.5.0
- nixos-unstable-small 3.0.5.0
nixos-25.11 3.0.4.2
- nixos-25.11-small 3.0.4.2
- nixpkgs-25.11-darwin 3.0.4.2

pkgs.kodiPackages.vfs-libarchive

LibArchive Virtual Filesystem add-on for Kodi

nixos-unstable 20.1.0
- nixpkgs-unstable 20.1.0
- nixos-unstable-small 20.1.0
nixos-25.11 20.1.0
- nixos-25.11-small 20.1.0
- nixpkgs-25.11-darwin 20.1.0

pkgs.perlPackages.ArchiveLibarchive

Modern Perl bindings to libarchive

nixos-unstable 0.09
- nixpkgs-unstable 0.09
- nixos-unstable-small 0.09
nixos-25.11 0.09
- nixos-25.11-small 0.09
- nixpkgs-25.11-darwin 0.09

pkgs.python312Packages.libarchive-c

Python interface to libarchive

nixos-25.11 5.3
- nixos-25.11-small 5.3
- nixpkgs-25.11-darwin 5.3

pkgs.python313Packages.libarchive-c

Python interface to libarchive

nixos-unstable 5.3
- nixpkgs-unstable 5.3
- nixos-unstable-small 5.3
nixos-25.11 5.3
- nixos-25.11-small 5.3
- nixpkgs-25.11-darwin 5.3

pkgs.python314Packages.libarchive-c

Python interface to libarchive

nixos-unstable 5.3
- nixpkgs-unstable 5.3
- nixos-unstable-small 5.3

pkgs.haskellPackages.libarchive-clib

Haskell interface to libarchive (C sources)

nixos-unstable 3.8.5
- nixpkgs-unstable 3.8.5
- nixos-unstable-small 3.8.5

pkgs.perl5Packages.ArchiveLibarchive

Modern Perl bindings to libarchive

nixos-unstable 0.09
- nixpkgs-unstable 0.09
- nixos-unstable-small 0.09

pkgs.perl538Packages.ArchiveLibarchive

Modern Perl bindings to libarchive

nixos-25.11 0.09
- nixos-25.11-small 0.09
- nixpkgs-25.11-darwin 0.09

pkgs.perl540Packages.ArchiveLibarchive

Modern Perl bindings to libarchive

nixos-25.11 0.09
- nixos-25.11-small 0.09
- nixpkgs-25.11-darwin 0.09

pkgs.haskellPackages.archive-libarchive

Common interface using libarchive

nixos-unstable 1.0.0.1
- nixpkgs-unstable 1.0.0.1
- nixos-unstable-small 1.0.0.1
nixos-25.11 1.0.0.1
- nixos-25.11-small 1.0.0.1
- nixpkgs-25.11-darwin 1.0.0.1

pkgs.haskellPackages.libarchive-conduit

Read many archive formats with libarchive and conduit

nixos-unstable 0.1.0.0
- nixpkgs-unstable 0.1.0.0
- nixos-unstable-small 0.1.0.0
nixos-25.11 0.1.0.0
- nixos-25.11-small 0.1.0.0
- nixpkgs-25.11-darwin 0.1.0.0

pkgs.perlPackages.ArchiveLibarchivePeek

Peek into archives without extracting them

nixos-unstable 0.04
- nixpkgs-unstable 0.04
- nixos-unstable-small 0.04
nixos-25.11 0.04
- nixos-25.11-small 0.04
- nixpkgs-25.11-darwin 0.04

pkgs.perlPackages.TestArchiveLibarchive

Testing tools for Archive::Libarchive

nixos-unstable 0.02
- nixpkgs-unstable 0.02
- nixos-unstable-small 0.02
nixos-25.11 0.02
- nixos-25.11-small 0.02
- nixpkgs-25.11-darwin 0.02

pkgs.perl5Packages.ArchiveLibarchivePeek

Peek into archives without extracting them

nixos-unstable 0.04
- nixpkgs-unstable 0.04
- nixos-unstable-small 0.04

pkgs.perl5Packages.TestArchiveLibarchive

Testing tools for Archive::Libarchive

nixos-unstable 0.02
- nixpkgs-unstable 0.02
- nixos-unstable-small 0.02

pkgs.perl538Packages.ArchiveLibarchivePeek

Peek into archives without extracting them

nixos-25.11 0.04
- nixos-25.11-small 0.04
- nixpkgs-25.11-darwin 0.04

pkgs.perl538Packages.TestArchiveLibarchive

Testing tools for Archive::Libarchive

nixos-25.11 0.02
- nixos-25.11-small 0.02
- nixpkgs-25.11-darwin 0.02

pkgs.perl540Packages.ArchiveLibarchivePeek

Peek into archives without extracting them

nixos-25.11 0.04
- nixos-25.11-small 0.04
- nixpkgs-25.11-darwin 0.04

pkgs.perl540Packages.TestArchiveLibarchive

Testing tools for Archive::Libarchive

nixos-25.11 0.02
- nixos-25.11-small 0.02
- nixpkgs-25.11-darwin 0.02

pkgs.perlPackages.ArchiveLibarchiveExtract

Archive extracting mechanism (using libarchive)

nixos-unstable 0.03
- nixpkgs-unstable 0.03
- nixos-unstable-small 0.03
nixos-25.11 0.03
- nixos-25.11-small 0.03
- nixpkgs-25.11-darwin 0.03

pkgs.perl5Packages.ArchiveLibarchiveExtract

Archive extracting mechanism (using libarchive)

nixos-unstable 0.03
- nixpkgs-unstable 0.03
- nixos-unstable-small 0.03

pkgs.perl538Packages.ArchiveLibarchiveExtract

Archive extracting mechanism (using libarchive)

nixos-25.11 0.03
- nixos-25.11-small 0.03
- nixpkgs-25.11-darwin 0.03

pkgs.perl540Packages.ArchiveLibarchiveExtract

Archive extracting mechanism (using libarchive)

nixos-25.11 0.03
- nixos-25.11-small 0.03
- nixpkgs-25.11-darwin 0.03

pkgs.python312Packages.extractcode-libarchive

ScanCode Toolkit plugin to provide pre-built binary libraries and utilities and their locations

nixos-25.11 21.5.31
- nixos-25.11-small 21.5.31
- nixpkgs-25.11-darwin 21.5.31

pkgs.python313Packages.extractcode-libarchive

ScanCode Toolkit plugin to provide pre-built binary libraries and utilities and their locations

nixos-unstable 21.5.31
- nixpkgs-unstable 21.5.31
- nixos-unstable-small 21.5.31
nixos-25.11 21.5.31
- nixos-25.11-small 21.5.31
- nixpkgs-25.11-darwin 21.5.31

pkgs.python314Packages.extractcode-libarchive

ScanCode Toolkit plugin to provide pre-built binary libraries and utilities and their locations

nixos-unstable 21.5.31
- nixpkgs-unstable 21.5.31
- nixos-unstable-small 21.5.31

Package maintainers

@jcumming Jack Cummings <jack@mudshark.org>

Upstream patch: https://github.com/libarchive/libarchive/commit/7273d04803a1e5a482f26d8d0fbaf2b204a72168

Suggestions search

References

Affected products

Matching in nixpkgs

pkgs.libarchive

pkgs.libarchive-qt

pkgs.haskellPackages.libarchive

pkgs.kodiPackages.vfs-libarchive

pkgs.perlPackages.ArchiveLibarchive

pkgs.python312Packages.libarchive-c

pkgs.python313Packages.libarchive-c

pkgs.python314Packages.libarchive-c

pkgs.haskellPackages.libarchive-clib

pkgs.perl5Packages.ArchiveLibarchive

pkgs.perl538Packages.ArchiveLibarchive

pkgs.perl540Packages.ArchiveLibarchive

pkgs.haskellPackages.archive-libarchive

pkgs.haskellPackages.libarchive-conduit

pkgs.perlPackages.ArchiveLibarchivePeek

pkgs.perlPackages.TestArchiveLibarchive

pkgs.perl5Packages.ArchiveLibarchivePeek

pkgs.perl5Packages.TestArchiveLibarchive

pkgs.perl538Packages.ArchiveLibarchivePeek

pkgs.perl538Packages.TestArchiveLibarchive

pkgs.perl540Packages.ArchiveLibarchivePeek

pkgs.perl540Packages.TestArchiveLibarchive

pkgs.perlPackages.ArchiveLibarchiveExtract

pkgs.perl5Packages.ArchiveLibarchiveExtract

pkgs.perl538Packages.ArchiveLibarchiveExtract

pkgs.perl540Packages.ArchiveLibarchiveExtract

pkgs.python312Packages.extractcode-libarchive

pkgs.python313Packages.extractcode-libarchive

pkgs.python314Packages.extractcode-libarchive

Package maintainers