Description
microtar through 0.1.0 contains a stack-based buffer overflow vulnerability in the raw_to_header() function in src/microtar.c that allows attackers to corrupt adjacent stack memory by supplying a crafted TAR archive with non-null-terminated name or linkname fields. The function uses strcpy() to copy 100-byte ustar format fields that lack null terminators, causing writes of up to 355 bytes into a 100-byte destination buffer when mtar_open(), mtar_find(), or mtar_read_header() process attacker-supplied TAR archives.
Published: 2026-06-01
Score: 8.7 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

microtar 0.1.0 contains a stack-based buffer overflow in raw_to_header(). The function uses strcpy() to copy 100-byte ustar fields that may lack a null terminator, so up to 355 bytes can be written into a 100-byte destination buffer during mtar_open(), mtar_find(), or mtar_read_header(). The overflow corrupts adjacent stack memory; from the description it is inferred that an attacker might achieve arbitrary code execution or at least crash the application, but the CVE data does not explicitly confirm RCE. The weakness is categorized as CWE-121.

Affected Systems

The affected product is microtar v0.1.0 from vendor rxi:microtar. No other versions or vendors are listed in the CNA data, so only this specific release is impacted.

Risk and Exploitability

The CVSS score of 8.7 indicates high severity; no EPSS score is available, and the vulnerability is not listed in CISA's KEV catalog. From the description it is inferred that an attacker might supply a malicious TAR archive to any application that uses microtar: the vector could be local if the application reads archives from the local filesystem, or remote if a network interface accepts delivery of an archive, but the CVE data does not explicitly define the attack vector. Successful exploitation would require stack manipulation and potentially a return-to-libc or ROP chain to achieve code execution, but this is not confirmed.

Generated by OpenCVE AI on June 1, 2026 at 20:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade microtar to a fixed release that removes the unsafe strcpy() in raw_to_header().
  • If upgrading is not immediately feasible, isolate microtar processing in a sandboxed or privilege-restricted environment and restrict the source of input TAR files to trusted actors.
  • Build the application with hardening options such as stack canaries, ASLR-compatible position-independent code, and compile-time sanitizers to reduce the impact of any remaining overflow.
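The bounded copy that the first action refers to, as an added example that is neither microtar's code nor OpenCVE's: the struct, offsets and function names below are assumptions, and the constructed sample block fills the 100-byte name and linkname fields completely with no terminator, the input shape the advisory describes.

```c
#include <stddef.h>
#include <string.h>

/* Field offsets and widths from the ustar 512-byte header layout. */
#define USTAR_BLOCK_LEN    512
#define USTAR_NAME_OFF     0
#define USTAR_NAME_LEN     100
#define USTAR_LINKNAME_OFF 157
#define USTAR_LINKNAME_LEN 100

/* Hypothetical destination struct; one extra byte per field for the NUL. */
typedef struct {
    char name[USTAR_NAME_LEN + 1];
    char linkname[USTAR_LINKNAME_LEN + 1];
} safe_header_t;

/* Bounded copy: stops at the first NUL or at max_len, whichever comes
 * first, then terminates. dst must hold max_len + 1 bytes. */
static void copy_field(char *dst, const unsigned char *src, size_t max_len)
{
    size_t n = 0;
    while (n < max_len && src[n] != '\0')
        n++;
    memcpy(dst, src, n);
    dst[n] = '\0';
}

/* Hardened replacement for the strcpy()-based raw_to_header() pattern:
 * each copy is bounded by the field width. Returns 0, or -1 on NULL. */
int safe_raw_to_header(safe_header_t *h, const unsigned char *raw)
{
    if (h == NULL || raw == NULL)
        return -1;
    copy_field(h->name, raw + USTAR_NAME_OFF, USTAR_NAME_LEN);
    copy_field(h->linkname, raw + USTAR_LINKNAME_OFF, USTAR_LINKNAME_LEN);
    return 0;
}

/* Constructed sample: name and linkname fields completely filled with no
 * NUL, the input shape the advisory describes. Returns the parsed name
 * length, which the bounded copy caps at 100. */
size_t demo_unterminated_name_len(void)
{
    unsigned char blk[USTAR_BLOCK_LEN];
    safe_header_t h;
    memset(blk, 0, sizeof blk);
    memset(blk + USTAR_NAME_OFF, 'A', USTAR_NAME_LEN);
    memset(blk + USTAR_LINKNAME_OFF, 'B', USTAR_LINKNAME_LEN);
    return safe_raw_to_header(&h, blk) == 0 ? strlen(h.name) : 0;
}
```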


Advisories

No advisories yet.

History

Mon, 01 Jun 2026 19:00:00 +0000

Type | Values Removed | Values Added
Description | | microtar through 0.1.0 contains a stack-based buffer overflow vulnerability in the raw_to_header() function in src/microtar.c that allows attackers to corrupt adjacent stack memory by supplying a crafted TAR archive with non-null-terminated name or linkname fields. The function uses strcpy() to copy 100-byte ustar format fields that lack null terminators, causing writes of up to 355 bytes into a 100-byte destination buffer when mtar_open(), mtar_find(), or mtar_read_header() process attacker-supplied TAR archives.
Title | | microtar 0.1.0 Stack-Based Buffer Overflow via raw_to_header()
Weaknesses | | CWE-121
References | |
Metrics | | cvssV3_1: {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}
Metrics | | cvssV4_0: {'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


Subscriptions

No data.

MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-06-01T18:04:14.379Z

Reserved: 2026-05-01T18:22:45.640Z

Link: CVE-2026-43623

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-06-01T19:16:46.723

Modified: 2026-06-01T19:16:46.723

Link: CVE-2026-43623

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-01T21:00:15Z

Weaknesses