CVE-2026-54417

HIGH 7.5

Integer Overflow in rxi/microtar mtar_next() Causes Infinite Loop DoS

CVSS Score

7.5

EPSS Score

0.0%

EPSS Percentile

0th

An integer overflow in the mtar_next() function in src/microtar.c in rxi microtar 0.1.0 allows a remote attacker to cause a denial of service (uncontrolled CPU consumption / infinite loop) via a crafted tar archive. mtar_next() computes the offset to the next record as round_up(h.size, 512) + sizeof(mtar_raw_header_t) using 32-bit arithmetic. When the header size field is a multiple of 512 in the range 0xFFFFFC01-0xFFFFFE00 (e.g. 0xFFFFFE00), the addition wraps to 0, so mtar_next() seeks to the current record position instead of advancing. As a result, mtar_find() and any loop that iterates entries with mtar_next() repeat indefinitely over the same record, hanging the process at 100% CPU with no recovery.

CWE	CWE-190 CWE-835
Vendor	rxi
Product	microtar
Published	Jun 17, 2026
Last Updated	Jun 17, 2026

Stay Ahead of the Next One

Get instant alerts for rxi microtar

Be the first to know when new high vulnerabilities affecting rxi microtar are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Affected Versions

rxi / microtar

0.1.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/rxi/microtar/blob/master/src/microtar.c#L239 github.com: https://github.com/rxi/microtar raw.githubusercontent.com: https://raw.githubusercontent.com/rxi/microtar/master/src/microtar.c

Credits

🔍 Saidakbarxon Maxsudxonov