CVE-2026-54417
HighCVSS 7.5Summary
An integer overflow in the mtar_next() function in rxi microtar 0.1.0 allows a remote attacker to cause a denial of service via a crafted tar archive. The issue occurs when the header size is a multiple of 512 in a specific range, leading to an infinite loop.
Risk Assessment
An attacker can cause 100% CPU consumption, resulting in the process hanging and no recovery possible. This can impact the availability of services within the organization.
Recommendation
It is recommended to update to a newer version of rxi microtar that fixes this vulnerability. Additionally, monitoring CPU usage and implementing limits on processing tar archives may help mitigate the risk.
Original NVD description (English source)
An integer overflow in the mtar_next() function in src/microtar.c in rxi microtar 0.1.0 allows a remote attacker to cause a denial of service (uncontrolled CPU consumption / infinite loop) via a crafted tar archive. mtar_next() computes the offset to the next record as round_up(h.size, 512) + sizeof(mtar_raw_header_t) using 32-bit arithmetic. When the header size field is a multiple of 512 in the range 0xFFFFFC01-0xFFFFFE00 (e.g. 0xFFFFFE00), the addition wraps to 0, so mtar_next() seeks to the current record position instead of advancing. As a result, mtar_find() and any loop that iterates entries with mtar_next() repeat indefinitely over the same record, hanging the process at 100% CPU with no recovery.

