CVE-2026-43623

Published: Giu 01, 2026 Last Modified: Giu 01, 2026
ExploitDB:
Other exploit source:
Google Dorks:
HIGH 8,7
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: passive
Confidentiality: N/A
Integrity: N/A
Availability: N/A
HIGH 8,8
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: required
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high

Description

AI Translation Available

microtar through 0.1.0 contains a stack-based buffer overflow vulnerability in the raw_to_header() function in src/microtar.c that allows attackers to corrupt adjacent stack memory by supplying a crafted TAR archive with non-null-terminated name or linkname fields. The function uses strcpy() to copy 100-byte ustar format fields that lack null terminators, causing writes of up to 355 bytes into a 100-byte destination buffer when mtar_open(), mtar_find(), or mtar_read_header() process attacker-supplied TAR archives.

121

Stack-based Buffer Overflow

Draft
Abstraction: Variant Structure: Simple
Common Consequences
Security Scopes Affected:
Availability Integrity Confidentiality Access Control Other
Potential Impacts:
Modify Memory Dos: Crash, Exit, Or Restart Dos: Resource Consumption (Cpu) Dos: Resource Consumption (Memory) Execute Unauthorized Code Or Commands Bypass Protection Mechanism Other
Applicable Platforms
Languages: Memory-Unsafe, C, C++
Likelihood of Exploit: High
View CWE Details
https://github.com/rxi/microtar/issues/28
https://github.com/rxi/microtar/issues/28
https://github.com/rxi/microtar/issues/29
https://github.com/rxi/microtar/issues/29
https://github.com/rxi/microtar/issues/30
https://github.com/rxi/microtar/issues/30
https://www.vulncheck.com/advisories/microtar-stack-based-b…
https://www.vulncheck.com/advisories/microtar-stack-based-buffer-overflow-via-r…