rxi microtar CVE-2026-54417
HIGHSeverity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Trigger is a single crafted archive with no auth or interaction when the consuming app accepts network input; impact is CPU-exhaustion DoS only, so C:N/I:N/A:H.
Primary rating from Vendor (TuranSec).
CVSS VectorVendor: TuranSec
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionCVE.org
An integer overflow in the mtar_next() function in src/microtar.c in rxi microtar 0.1.0 allows a remote attacker to cause a denial of service (uncontrolled CPU consumption / infinite loop) via a crafted tar archive. mtar_next() computes the offset to the next record as round_up(h.size, 512) + sizeof(mtar_raw_header_t) using 32-bit arithmetic. When the header size field is a multiple of 512 in the range 0xFFFFFC01-0xFFFFFE00 (e.g. 0xFFFFFE00), the addition wraps to 0, so mtar_next() seeks to the current record position instead of advancing. As a result, mtar_find() and any loop that iterates entries with mtar_next() repeat indefinitely over the same record, hanging the process at 100% CPU with no recovery.
AnalysisAI
Denial of service in rxi microtar 0.1.0 allows remote attackers to hang any consumer of the library at 100% CPU by supplying a crafted tar archive whose header size field triggers a 32-bit integer overflow in mtar_next(). The flaw affects every application that parses untrusted tar streams with this lightweight C library, and no public exploit is identified at time of analysis, though the trigger is trivial to construct from the description alone.
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | The target application must (a) link or vendor rxi microtar 0.1.0's src/microtar.c and (b) call mtar_find() or any loop that iterates entries via mtar_next() over an archive whose contents are attacker-controlled. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H gives 7.5 (High) and matches reality for the availability dimension - one malformed archive permanently pegs a CPU with no recovery - but the AV:N rating is contingent on the embedding application accepting tar input over the network; for a CLI tool reading local files the practical vector is closer to AV:L. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker uploads or serves a tar archive whose first (or any) record header sets the size field to 0xFFFFFE00 (or another 512-aligned value in 0xFFFFFC01-0xFFFFFE00); when the target application - a game asset loader, firmware update parser, or backup tool linking microtar - calls mtar_find() or iterates with mtar_next(), the offset arithmetic wraps to zero and the loop spins on the same header forever, pinning a core at 100% CPU. No public exploit is identified at time of analysis, but the description is sufficient to produce a working PoC in a few lines of Python. |
| Remediation | No vendor-released patch identified at time of analysis - the upstream repository at https://github.com/rxi/microtar has not published a tagged fix in the data provided. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Audit your codebase and dependencies to identify all use of rxi microtar version 0.1.0 or earlier, and determine which applications process untrusted tar inputs. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Stack-based buffer overflow in microtar through 0.1.0 allows remote attackers to corrupt stack memory and potentially ac
Stack-based buffer overflow in rxi microtar 0.1.0 allows remote attackers to crash or potentially execute arbitrary code
Same weakness CWE-190 – Integer Overflow or Wraparound
View allSame technique Integer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today