libarchive Heap Out-of-Bounds Read Vulnerability in RAR Archive Processing

Vulnerability

A heap out-of-bounds read vulnerability has been identified in the libarchive library, specifically within the RAR archive processing logic. This vulnerability arises from inadequate validation of the LZSS sliding window size following transitions between compression methods, particularly PPMd and LZSS. As a result, the copy_from_lzss_window() function can perform out-of-bounds memory reads, leading to the unintentional disclosure of sensitive heap memory information. This vulnerability can be exploited remotely, without authentication or user interaction, on systems that automatically process untrusted RAR archives.
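The defensive rule the advisory implies is that the window size a stream claims after a method switch must be validated against the buffer that is actually allocated, and that every index used by the window copy must be bounded by that validated size. The following C program, added here as an illustration and not taken from libarchive (the struct, the function names, the 64-byte window and the 4096-byte claimed dictionary are all assumptions), models a sliding window and shows the two checks together:

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/*
 * Hypothetical model of an LZSS sliding window, written to illustrate the
 * class of bug described in the advisory. It is not libarchive's data
 * structure and all names are assumptions.
 */
struct lzss_window {
    uint8_t *buf;    /* history buffer actually allocated */
    size_t   alloc;  /* number of bytes allocated for buf */
    size_t   size;   /* window size the stream currently claims */
};

/* Allocate a window of `alloc` bytes and fill it with a known pattern. */
static int window_init(struct lzss_window *w, size_t alloc)
{
    w->buf = malloc(alloc);
    if (w->buf == NULL)
        return -1;
    for (size_t i = 0; i < alloc; i++)
        w->buf[i] = (uint8_t)i;
    w->alloc = alloc;
    w->size = alloc;
    return 0;
}

static void window_free(struct lzss_window *w)
{
    free(w->buf);
    w->buf = NULL;
    w->alloc = w->size = 0;
}

/*
 * Called when the stream switches compression method (e.g. PPMd -> LZSS)
 * and announces a dictionary size. A claimed size is accepted only if the
 * existing allocation backs it; otherwise the caller must reallocate or
 * treat the archive as malformed.
 */
static int window_set_size(struct lzss_window *w, size_t claimed)
{
    if (claimed == 0 || claimed > w->alloc)
        return -1;
    w->size = claimed;
    return 0;
}

/*
 * Copy `len` bytes starting at window offset `start` into `out`, wrapping
 * at the end of the window. Every index is bounded by w->size, and w->size
 * is re-checked against w->alloc so a stale or unvalidated size can never
 * drive a read past the allocation.
 */
static int window_copy(const struct lzss_window *w, size_t start,
                       size_t len, uint8_t *out)
{
    if (w->buf == NULL || w->size == 0 || w->size > w->alloc)
        return -1;                    /* inconsistent window state */
    if (start >= w->size || len > w->size)
        return -1;                    /* request exceeds the window */
    size_t first = w->size - start;   /* bytes before wraparound */
    if (first > len)
        first = len;
    memcpy(out, w->buf + start, first);
    memcpy(out + first, w->buf, len - first);
    return 0;
}

/*
 * Scenario: a 64-byte window, an in-range wrapping copy, then a method
 * switch that claims a 4096-byte dictionary. Returns 0 if every check
 * behaves as intended, otherwise the number of the failing step.
 */
static int run_scenario(void)
{
    struct lzss_window w;
    uint8_t out[8];
    int rc = 0;

    if (window_init(&w, 64) != 0)
        return 1;
    /* Step 2: in-range copy that wraps: bytes 60..63 followed by 0..3. */
    if (window_copy(&w, 60, 8, out) != 0 || out[0] != 60 || out[4] != 0)
        rc = 2;
    /* Step 3: the claimed size is not backed by the allocation. */
    else if (window_set_size(&w, 4096) != -1)
        rc = 3;
    /* Step 4: simulate the unvalidated state; the copy must still refuse. */
    else {
        w.size = 4096;
        if (window_copy(&w, 4000, 8, out) != -1)
            rc = 4;
    }
    window_free(&w);
    return rc;
}
```

The point of keeping `alloc` and `size` as separate fields is that the copy routine can detect the exact state the advisory describes: a claimed window larger than the memory behind it. A decoder that derives its bounds only from the stream-supplied size has no way to notice that mismatch.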

Impact

Exploitation of this vulnerability can result in the unauthorized disclosure of sensitive information from heap memory, such as cryptographic keys or personally identifiable information. Additionally, the out-of-bounds read could cause a segmentation fault, crashing the application. According to Red Hat, this vulnerability could also be exploited to bypass memory protection mechanisms, potentially facilitating further attacks.

Added: Mar 19, 2026, 3:33 PM
Updated: Mar 19, 2026, 3:33 PM

Vulnerability Rating

Custom Algorithm
spread: 6.6
impact: 2.5
exploitability: 5.0
remediation: 0.0
relevance: 4.1
threat: 3.2
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.