Impact
An integer overflow in the mtar_next() function causes the offset calculation to wrap around, resulting in an infinite loop that consumes 100 % CPU. The attacker can trigger this by supplying a crafted tar archive with a header size that is a multiple of 512 in a specific range, making the process hang indefinitely. The weakness is a classic integer overflow (CWE‑190) that manifests as an uncontrolled loop (CWE‑835). The impact is an availability loss through a denial‑of‑service scenario.
Affected Systems
The vulnerable product is rxi/microtar 0.1.0. The integer overflow exists in the src/microtar.c file of this version, affecting any installation that processes tar archives with this library.
Risk and Exploitability
The CVSS score of 8.7 indicates a high severity vulnerability. No EPSS value is available, and it is not listed as a Known Exploited Vulnerability by CISA. The likely attack vector is remote, through a malicious tar file supplied to a service that uses microtar for extraction. Once the crafted archive is processed, the function enters an infinite loop, delivering a denial‑of‑service.
OpenCVE Enrichment