VYPR

microtar

by Rxi

CVEs (2)

  • CVE-2026-43623HigJun 1, 2026
    risk 0.57cvss 8.8epss 0.00

    microtar through 0.1.0 contains a stack-based buffer overflow vulnerability in the raw_to_header() function in src/microtar.c that allows attackers to corrupt adjacent stack memory by supplying a crafted TAR archive with non-null-terminated name or linkname fields. The function…

  • CVE-2026-55738Jun 17, 2026
    risk 0.00cvss epss 0.01

    A stack-based buffer overflow exists in the raw_to_header() function in src/microtar.c in rxi microtar 0.1.0. The function copies the 100-byte name and linkname fields of a TAR header with strcpy() without guaranteeing null termination of the source. The POSIX ustar format…