Impact
A stack-based buffer overflow exists in the raw_to_header() function of rxi microtar 0.1.0. The function copies the 100‑byte name and linkname fields of a TAR header with strcpy() without ensuring the source is null‑terminated, a flaw characterized by CWE‑121 and CWE‑170. In the POSIX ustar format the fixed‑width fields may be fully populated with non‑null bytes. A crafted archive whose linkname field, followed by the padding of the 512‑byte raw header, contains no null terminator causes strcpy() to read past the end of the stack buffer and write past the destination buffer. The CVE description states that a remote attacker who supplies such a crafted TAR archive that the victim opens or parses via mtar_open, mtar_read_header, or mtar_find can trigger an out‑of‑bounds read and a stack buffer overflow, resulting in denial of service and potentially arbitrary code execution.
Affected Systems
The vulnerability affects all instances of rxi microtar version 0.1.0. No other affected versions are listed.
Risk and Exploitability
The CVSS score of 8.7 indicates a high severity. EPSS information is not available, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector is the processing of a malicious TAR archive; any application that uses mtar_* functions to open or read TAR files is a potential vector. Exploitation can be achieved by providing a specially crafted archive that lacks a null terminator in the relevant fields, which triggers the overflow and gives the attacker the possibility of arbitrary code execution or a crash. The absence of a publicly released fix further increases the risk of exploitation in the wild.
OpenCVE Enrichment