CVE-2026-55738
HighCVSS 8.8Summary
A stack-based buffer overflow exists in the raw_to_header() function in rxi microtar 0.1.0. The function copies the name and linkname fields of a TAR header without guaranteeing null termination, potentially leading to out-of-bounds read and stack buffer overflow.
Risk Assessment
An attacker can supply a crafted TAR archive, leading to denial of service and potentially arbitrary code execution. This poses a serious security risk to the system.
Recommendation
It is recommended to update to the latest version of rxi microtar to mitigate this vulnerability. Additionally, avoid opening or parsing unknown TAR archives.
Original NVD description (English source)
A stack-based buffer overflow exists in the raw_to_header() function in src/microtar.c in rxi microtar 0.1.0. The function copies the 100-byte name and linkname fields of a TAR header with strcpy() without guaranteeing null termination of the source. The POSIX ustar format permits these fixed-width fields to be fully populated with non-null bytes, so a crafted archive whose linkname field (followed by the trailing padding of the 512-byte raw header) contains no null terminator causes strcpy() to read past the end of the 512-byte raw header stack buffer and to write past the destination header buffer. A remote attacker who supplies a crafted TAR archive that the victim opens or parses (via mtar_open(), mtar_read_header(), or mtar_find()) can cause an out-of-bounds read and a stack buffer overflow, resulting in denial of service (crash) and potentially arbitrary code execution. Confirmed with AddressSanitizer: stack-buffer-overflow READ of size 356 in raw_to_header at src/microtar.c:112.

