CVE-2026-55738 rxi CVE debrief

Who should care

Developers and users of the microtar library, especially those who handle TAR archives from untrusted sources, should be aware of this vulnerability. Applications that use microtar to parse or open TAR archives are potentially exposed to denial of service or code execution attacks.

Technical summary

The raw_to_header() function in src/microtar.c uses strcpy() to copy the 100-byte name and linkname fields from a TAR header without ensuring null termination of the source. Since the POSIX ustar format allows these fields to be fully populated with non-null bytes, a specially crafted archive can cause strcpy() to read past the end of the 512-byte raw header stack buffer and write past the destination header buffer. This can lead to an out-of-bounds read and a stack buffer overflow.

Defensive priority

High

Recommended defensive actions

• Update to the latest version of microtar if available.
• Use safe functions like strncpy() or snprintf() that allow for bounds checking.
• Validate and sanitize TAR archive inputs to prevent crafted archives from being processed.
• Implement additional error checking around TAR parsing functions.
• Consider using alternative TAR parsing libraries with built-in security features.
• Monitor for and block suspicious TAR archive uploads or processing requests.

Evidence notes

The vulnerability was confirmed using AddressSanitizer, which detected a stack-buffer-overflow READ of size 356 in raw_to_header at src/microtar.c:112. The CVE record and NVD detail provide additional context and references to the vulnerable code.

Official resources