PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-54417 rxi CVE debrief

CVE-2026-54417 is a high severity vulnerability in rxi microtar 0.1.0 that allows remote attackers to cause a denial of service via a crafted tar archive. The vulnerability is caused by an integer overflow in the mtar_next() function in src/microtar.c. The function computes the offset to the next record using 32-bit arithmetic, which can wrap to 0 when the header size field is a multiple of 512 in the range 0xFFFFFC01-0xFFFFFE00. This causes mtar_next() to seek to the current record position instead of advancing, resulting in an infinite loop that hangs the process at 100% CPU with no recovery.

Vendor
rxi
Product
microtar
CVSS
HIGH 8.7
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-17
Original CVE updated
2026-06-17
Advisory published
2026-06-17
Advisory updated
2026-06-17

Who should care

Users of rxi microtar 0.1.0 should be aware of this vulnerability and take steps to mitigate it. This includes reviewing their systems and applications that use microtar to ensure they are not exposed to crafted tar archives. Additionally, users should monitor their systems for unusual activity and apply patches or updates as soon as they are available.

Technical summary

The mtar_next() function in src/microtar.c of rxi microtar 0.1.0 is vulnerable to an integer overflow. The function calculates the offset to the next record as round_up(h.size, 512) + sizeof(mtar_raw_header_t) using 32-bit arithmetic. When the header size field is a multiple of 512 in the range 0xFFFFFC01-0xFFFFFE00, the addition wraps to 0. As a result, mtar_next() seeks to the current record position instead of advancing, causing mtar_find() and any loop that iterates entries with mtar_next() to repeat indefinitely over the same record. This results in the process hanging at 100% CPU with no recovery.

Defensive priority

High

Recommended defensive actions

  • Review systems and applications that use microtar to ensure they are not exposed to crafted tar archives.
  • Monitor systems for unusual activity.
  • Apply patches or updates as soon as they are available.
  • Consider using alternative tar libraries or implementations.
  • Implement input validation and sanitization for tar archives.

Evidence notes

The CVE record was published on 2026-06-17T14:17:58.540Z and has not been modified since then. The NVD entry is currently Deferred. Evidence is limited to CVE and NVD information. Defenders should verify system exposure, review official advisories, and monitor for unusual activity. No additional information is available on affected scope or vendor guidance.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T14:17:58.540Z and has not been modified since then. The NVD entry is currently Deferred.