Libarchive: double free at archive_read_format_rar_seek_data in archive_read_support_format_rar.c
Summary
A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition. Affected products named by the advisory: Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 7 Extended Lifecycle Support; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 8.2 Advanced Update Support; and 28 more. Affected products named by the advisory: Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support; Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On; Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support; Red Hat Enterprise Linux 8.6 Telecommunications Update Service; and 23 more.
Mitigation
Mitigation steps weren't captured by the parser for this advisory — this is a parsing gap, not a statement that no fix exists. Read the vendor advisory below for the authoritative guidance.
Official advisory · high-confidence parse· fetched 2 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.