Stack-Based Buffer Overflow in rxi Microtar TAR Archive Handling
CVE-2026-55738

8.7 HIGH

Key Information:

Vendor: Rxi

Status
Vendor
CVE Published: 17 June 2026

What is CVE-2026-55738?

A stack-based buffer overflow exists in the raw_to_header() function of rxi microtar 0.1.0. When processing TAR archive headers, the library uses strcpy() to copy fixed-width fields without ensuring they are null-terminated. In the POSIX ustar format, a maliciously crafted TAR archive can exploit this oversight: if the linkname field in the TAR header contains no null terminator, the copy performs an out-of-bounds read and write, potentially allowing remote attackers to crash the application or execute arbitrary code when a victim opens the archive or otherwise passes it to the affected archive functions.
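A bounded way to load fixed-width ustar fields, shown as an added example (not microtar's code and not a vendor patch). The type `parsed_header_t` and the functions `copy_field`, `parse_header` and `demo_linkname_len` are hypothetical names; the field offsets and widths are those of the POSIX ustar header, and the sample block is constructed.

```c
#include <stdio.h>
#include <string.h>

/* POSIX ustar header: fixed-width fields that need not be NUL-terminated. */
enum { TAR_BLOCK = 512, NAME_OFF = 0, NAME_LEN = 100, LINK_OFF = 157, LINK_LEN = 100 };

/* Hypothetical parsed-header type; one spare byte per field for the terminator. */
typedef struct {
  char name[NAME_LEN + 1];
  char linkname[LINK_LEN + 1];
} parsed_header_t;

/* Copy a field of at most `width` bytes: stop at the first NUL or at the field
 * boundary, never read past `width`, always terminate dst.
 * Returns the copied length, or -1 if dst cannot hold it. */
int copy_field(char *dst, size_t dst_cap, const char *src, size_t width) {
  const char *nul = memchr(src, '\0', width);
  size_t len = nul ? (size_t)(nul - src) : width;
  if (len >= dst_cap) return -1;
  memcpy(dst, src, len);
  dst[len] = '\0';
  return (int)len;
}

/* Bounded replacement for strcpy()-style field loading from a raw block. */
int parse_header(parsed_header_t *h, const unsigned char *block) {
  const char *raw = (const char *)block;
  if (copy_field(h->name, sizeof h->name, raw + NAME_OFF, NAME_LEN) < 0) return -1;
  if (copy_field(h->linkname, sizeof h->linkname, raw + LINK_OFF, LINK_LEN) < 0) return -1;
  return 0;
}

/* Constructed sample: linkname uses all 100 bytes with no NUL and the bytes
 * after it are non-NUL too, so an unbounded copy would keep going. */
long demo_linkname_len(void) {
  unsigned char block[TAR_BLOCK];
  parsed_header_t h;
  memset(block, 0, sizeof block);
  memcpy(block + NAME_OFF, "file.txt", 8);
  memset(block + LINK_OFF, 'A', LINK_LEN);
  memset(block + LINK_OFF + LINK_LEN, 'B', TAR_BLOCK - LINK_OFF - LINK_LEN);
  if (parse_header(&h, block) != 0) return -1;
  return (long)strlen(h.linkname);
}

int main(void) {
  printf("linkname length: %ld\n", demo_linkname_len());
  return 0;
}
```

The destination buffers are one byte wider than the on-disk fields, so a field that legitimately uses its full width still fits with its terminator.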

Affected Version(s)

microtar 0.1.0

References

CVSS V4

Score: 8.7
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Saidakbarxon Maxsudxonov