CVE-2026-54417
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
An integer overflow in the mtar_next() function in src/microtar.c in rxi microtar 0.1.0 allows a remote attacker to cause a denial of service (uncontrolled CPU consumption / infinite loop) via a crafted tar archive. mtar_next() computes the offset to the next record as round_up(h.size, 512) + sizeof(mtar_raw_header_t) using 32-bit arithmetic. When the header size field is a multiple of 512 in the range 0xFFFFFC01-0xFFFFFE00 (e.g. 0xFFFFFE00), the addition wraps to 0, so mtar_next() seeks to the current record position instead of advancing. As a result, mtar_find() and any loop that iterates entries with mtar_next() repeat indefinitely over the same record, hanging the process at 100% CPU with no recovery.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| rxi | microtar | 0.1.0 | affected |
Weaknesses
- CWE-190: CWE-190 Integer Overflow or Wraparound
- CWE-835: CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
- https://github.com/rxi/microtar/blob/master/src/microtar.c#L239
- https://github.com/rxi/microtar
- https://raw.githubusercontent.com/rxi/microtar/master/src/microtar.c
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.