microtar 0.1.0 Stack-Based Buffer Overflow via raw_to_header()

Advisories

microtar 0.1.0 Stack-Based Buffer Overflow via raw_to_header()

severity: high
date: 6/1/2026
Affecting: microtar <= 0.1.0
An affected version range remains undefined
CVE: CVE-2026-43623
CWE: CWE-121 Stack-based Buffer Overflow
CVSS: 8.7
CVSS V4 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
References: GitHub Issue (1)
GitHub Issue (2)
GitHub Issue (3)
Credit: Byambadalai Sumiya (@ByamB4), Saidakbarxon Maxsudxonov, mms (@3291710458)
Description: microtar through 0.1.0 contains a stack-based buffer overflow vulnerability in the raw_to_header() function in src/microtar.c that allows attackers to corrupt adjacent stack memory by supplying a crafted TAR archive with non-null-terminated name or linkname fields. The function uses strcpy() to copy 100-byte ustar format fields that lack null terminators, causing writes of up to 355 bytes into a 100-byte destination buffer when mtar_open(), mtar_find(), or mtar_read_header() process attacker-supplied TAR archives.

Ready to get Started?

Explore VulnCheck, a next-generation Cyber Threat Intelligence platform, which provides exploit and vulnerability intelligence to help you prioritize and remediate vulnerabilities that matter.

Vulnerability Prioritization
Prioritize vulnerabilities that matter based on the threat landscape and defer vulnerabilities that don't.
Early Warning System
Real-time alerting of changes in the vulnerability landscape so that you can take action before the attacks start.

Schedule a Demo