Lucene search
+L

90 matches found

Tenable Nessus
Tenable Nessus
added 6 days ago6 views

Linux Distros Unpatched Vulnerability : CVE-2026-58052

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - 7-Zip for Windows through 26.01 fails to preserve the Mark-of-the-Web when extracting a crafted RAR5 archive, because its guard that suppresses an...

4.8CVSS6.1AI score0.00119EPSS
Exploits0References2
OSV
OSV
added 2026/07/09 12:49 p.m.5 views

OESA-2026-2889 libarchive security update

is an open-source BSD-licensed C programming library that provides streaming access to a variety of different archive formats, including tar, cpio, pax, zip, and ISO9660 images. The distribution also includes bsdtar and bsdcpio, full-featured implementations of tar and cpio that use . Security...

7.5CVSS6AI score0.0035EPSS
Exploits0References2
OSV
OSV
added 2026/07/09 12:49 p.m.2 views

OESA-2026-2888 libarchive security update

is an open-source BSD-licensed C programming library that provides streaming access to a variety of different archive formats, including tar, cpio, pax, zip, and ISO9660 images. The distribution also includes bsdtar and bsdcpio, full-featured implementations of tar and cpio that use . Security...

7.5CVSS6AI score0.0035EPSS
Exploits0References2
OSV
OSV
added 2026/07/09 12:49 p.m.7 views

OESA-2026-2887 libarchive security update

is an open-source BSD-licensed C programming library that provides streaming access to a variety of different archive formats, including tar, cpio, pax, zip, and ISO9660 images. The distribution also includes bsdtar and bsdcpio, full-featured implementations of tar and cpio that use . Security...

7.5CVSS6AI score0.0035EPSS
Exploits0References2
Microsoft CVE
Microsoft CVE
added 2026/07/03 8:3 a.m.4 views

Libarchive: double-free vulnerability in rar5 decompression logic via dangling filtered_buf pointer in init_unpack()

...

7.5CVSS6.1AI score0.0035EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/07/03 12:0 a.m.14 views

7-Zip <= 26.02 Mark-of-the-Web Bypass (CVE-2026-58052)

The version of 7-Zip installed on the remote Windows host is 26.02 or earlier. It is, therefore, affected by a vulnerability: - 7-Zip for Windows fails to preserve the Mark-of-the-Web when extracting a crafted RAR5 archive, because its guard that suppresses an archive-supplied Zone.Identifier...

4.8CVSS6.1AI score0.00119EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/06/30 6:29 a.m.6 views

CVE-2026-14164

A double free issue has been identified in libarchive's RAR5 reader. During parsing of a specially crafted RAR5 archive, the filteredbuf pointer may remain stale after being freed during unpacking state reinitialization. Subsequent processing of another archive entry can trigger a second free of...

7.5CVSS5.7AI score0.0035EPSS
Exploits0
CVE
CVE
added 2026/06/30 6:29 a.m.26 views

CVE-2026-14164

CVE-2026-14164 concerns libarchive’s RAR5 reader. A double-free arises when a filtered_buf pointer remains stale after being freed during unpack state reinitialization, allowing a second free on processing a subsequent archive entry. The issue is triggered by parsing a specially crafted RAR5 arch...

7.5CVSS5.7AI score0.0035EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/30 6:29 a.m.8 views

CVE-2026-14164

A double free issue has been identified in libarchive's RAR5 reader. During parsing of a specially crafted RAR5 archive, the filteredbuf pointer may remain stale after being freed during unpacking state reinitialization. Subsequent processing of another archive entry can trigger a second free of...

7.5CVSS5.7AI score0.0035EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-14164

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A double free issue has been identified in libarchive's RAR5 reader. During parsing of a specially crafted RAR5 archive, the filteredbuf pointer may remain stal...

7.5CVSS5.9AI score0.0035EPSS
Exploits0References4
CVE
CVE
added 2026/06/28 1:32 a.m.150 views

CVE-2026-58052

Technical details are not publicly available in the provided documents; monitor for updates.

4.8CVSS6.1AI score0.00119EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/28 1:32 a.m.39 views

CVE-2026-58052 7-Zip - Mark-of-the-Web Bypass via RAR5 Alternate Data Stream Name Collision

7-Zip for Windows through 26.01 fails to preserve the Mark-of-the-Web when extracting a crafted RAR5 archive, because its guard that suppresses an archive-supplied Zone.Identifier stream matches the exact name 'Zone.Identifier' while a RAR5 STM record named ':Zone.Identifier:$DATA' is not matched...

4.8CVSS6.1AI score0.00119EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/06/26 5:19 p.m.4 views

libarchive: Double-Free Vulnerability in RAR5 Decompression Logic via dangling filtered_buf pointer in init_unpack()

A double free issue has been identified in libarchive's RAR5 reader. During parsing of a specially crafted RAR5 archive, the filteredbuf pointer may remain stale after being freed during unpacking state reinitialization. Subsequent processing of another archive entry can trigger a second free of...

7.5CVSS6AI score0.0035EPSS
Exploits0References6
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.6 views

Astra Linux – Vulnerability in libarchive

A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archivereaddata processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents further progress. This...

7.5CVSS7AI score0.00693EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.19 views

PT-2026-53084

Name of the Vulnerable Software and Affected Versions 7-Zip for Windows versions prior to 26.02 Description 7-Zip fails to preserve the Mark-of-the-Web MotW when extracting a specially crafted RAR5 archive. The software uses a guard to suppress archive-supplied Zone.Identifier streams, but it onl...

4.8CVSS5.8AI score0.00119EPSS
Exploits0References11
OSV
OSV
added 2026/06/22 12:34 p.m.2 views

SUSE-SU-2026:2490-1 Security update for libarchive

This update for libarchive fixes the following issues - CVE-2025-60753: bsdtar hangs and OOMs with zero-length pattern matches bsc1253088. - CVE-2026-4111: logical deadlock the RAR5 filter subsystem and the half-window output limiter leads to infinite loop and DoS bsc1259635. - CVE-2026-4424:...

9.8CVSS7.2AI score0.01073EPSS
Exploits1References11
OSV
OSV
added 2026/06/22 9:4 a.m.2 views

SUSE-SU-2026:22248-1 Security update for libarchive

This update for libarchive fixes the following issues - CVE-2025-60753: bsdtar hangs and OOMs with zero-length pattern matches bsc1253088. - CVE-2026-4111: logical deadlock the RAR5 filter subsystem and the half-window output limiter leads to infinite loop and DoS bsc1259635. - CVE-2026-4424:...

9.8CVSS7.3AI score0.01073EPSS
Exploits1References11
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.15 views

EulerOS Virtualization 2.13.0 : libarchive (EulerOS-SA-2026-2401)

According to the versions of the libarchive packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archivereaddat...

7.5CVSS5.5AI score0.00693EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.13 views

EulerOS Virtualization 2.13.1 : libarchive (EulerOS-SA-2026-2372)

According to the versions of the libarchive packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archivereaddat...

7.5CVSS5.6AI score0.00693EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/09 12:0 a.m.10 views

EulerOS 2.0 SP11 : libarchive (EulerOS-SA-2026-2248)

According to the versions of the libarchive packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archivereaddata processing...

7.5CVSS7.2AI score0.00693EPSS
Exploits0References2
Rows per page
Query Builder