CVE Catalog

CVE-2026-54417

HighCVSS 7.5
Published: Updated: Translated: NVD NIST

Summary

An integer overflow in the mtar_next() function in rxi microtar 0.1.0 allows a remote attacker to cause a denial of service via a crafted tar archive. The issue occurs when the header size is a multiple of 512 in a specific range, leading to an infinite loop.

Risk Assessment

An attacker can cause 100% CPU consumption, resulting in the process hanging and no recovery possible. This can impact the availability of services within the organization.

Recommendation

It is recommended to update to a newer version of rxi microtar that fixes this vulnerability. Additionally, monitoring CPU usage and implementing limits on processing tar archives may help mitigate the risk.

Original NVD description (English source)

An integer overflow in the mtar_next() function in src/microtar.c in rxi microtar 0.1.0 allows a remote attacker to cause a denial of service (uncontrolled CPU consumption / infinite loop) via a crafted tar archive. mtar_next() computes the offset to the next record as round_up(h.size, 512) + sizeof(mtar_raw_header_t) using 32-bit arithmetic. When the header size field is a multiple of 512 in the range 0xFFFFFC01-0xFFFFFE00 (e.g. 0xFFFFFE00), the addition wraps to 0, so mtar_next() seeks to the current record position instead of advancing. As a result, mtar_find() and any loop that iterates entries with mtar_next() repeat indefinitely over the same record, hanging the process at 100% CPU with no recovery.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS