Msrc Cbl2 Libarchive 3.6.1-8 On Cbl Mariner 2.0 vulnerabilities

4 known vulnerabilities affecting msrc/cbl2_libarchive_3.6.1-8_on_cbl_mariner_2.0.

Total CVEs: 4
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 2, MEDIUM 2

Vulnerabilities

CVE-2026-4424 | HIGH | CVSS 7.5 | 2026-03-10
CVE-2026-4424 [HIGH] CWE-125 Libarchive: libarchive: information disclosure via heap out-of-bounds read in rar archive processing
Mariner: Mariner redhat: redhat
Customer Action Required: Yes
msrc
CVE-2026-4111 | HIGH | CVSS 7.5 | 2026-03-10
CVE-2026-4111 [HIGH] CWE-835 Libarchive: infinite loop denial of service in rar5 decompression via archive_read_data() in libarchive
Mariner: Mariner redhat: redhat
Customer Action Required: Yes
Remediation: CBL-Mariner Releases
Reference: https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
msrc
CVE-2026-4426 | MEDIUM | CVSS 6.5 | 2026-03-10
CVE-2026-4426 [MEDIUM] CWE-1335 Libarchive: libarchive: denial of service via malformed iso file processing
Mariner: Mariner redhat: redhat
Customer Action Required: Yes
msrc
CVE-2025-60753 | MEDIUM | CVSS 5.5 | 2025-11-11
CVE-2025-60753 [MEDIUM] CWE-400 An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash). Marine
msrc