PatchSiren cyber security CVE debrief
CVE-2026-54417 rxi CVE debrief
CVE-2026-54417 is a high severity vulnerability in rxi microtar 0.1.0 that allows remote attackers to cause a denial of service via a crafted tar archive. The vulnerability is caused by an integer overflow in the mtar_next() function in src/microtar.c. The function computes the offset to the next record using 32-bit arithmetic, which can wrap to 0 when the header size field is a multiple of 512 in the range 0xFFFFFC01-0xFFFFFE00. This causes mtar_next() to seek to the current record position instead of advancing, resulting in an infinite loop that hangs the process at 100% CPU with no recovery.
- Vendor
- rxi
- Product
- microtar
- CVSS
- HIGH 8.7
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-17
- Original CVE updated
- 2026-06-17
- Advisory published
- 2026-06-17
- Advisory updated
- 2026-06-17
Who should care
Users of rxi microtar 0.1.0 should be aware of this vulnerability and take steps to mitigate it. This includes reviewing their systems and applications that use microtar to ensure they are not exposed to crafted tar archives. Additionally, users should monitor their systems for unusual activity and apply patches or updates as soon as they are available.
Technical summary
The mtar_next() function in src/microtar.c of rxi microtar 0.1.0 is vulnerable to an integer overflow. The function calculates the offset to the next record as round_up(h.size, 512) + sizeof(mtar_raw_header_t) using 32-bit arithmetic. When the header size field is a multiple of 512 in the range 0xFFFFFC01-0xFFFFFE00, the addition wraps to 0. As a result, mtar_next() seeks to the current record position instead of advancing, causing mtar_find() and any loop that iterates entries with mtar_next() to repeat indefinitely over the same record. This results in the process hanging at 100% CPU with no recovery.
Defensive priority
High
Recommended defensive actions
- Review systems and applications that use microtar to ensure they are not exposed to crafted tar archives.
- Monitor systems for unusual activity.
- Apply patches or updates as soon as they are available.
- Consider using alternative tar libraries or implementations.
- Implement input validation and sanitization for tar archives.
Evidence notes
The CVE record was published on 2026-06-17T14:17:58.540Z and has not been modified since then. The NVD entry is currently Deferred. Evidence is limited to CVE and NVD information. Defenders should verify system exposure, review official advisories, and monitor for unusual activity. No additional information is available on affected scope or vendor guidance.
Official resources
-
CVE-2026-54417 CVE record
CVE.org
-
CVE-2026-54417 NVD detail
NVD
-
Source item URL
nvd_modified
-
Source reference
309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c
-
Source reference
309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c
-
Source reference
309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T14:17:58.540Z and has not been modified since then. The NVD entry is currently Deferred.