CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 6 days ago•5 views

EUVD-2026-37712

8.8CVSS6.2AI score0.00635EPSS

Cvelist•added 6 days ago•27 views

CVE-2026-54417 Integer Overflow in rxi/microtar mtar_next() Causes Infinite Loop DoS

An integer overflow in the mtarnext function in src/microtar.c in rxi microtar 0.1.0 allows a remote attacker to cause a denial of service uncontrolled CPU consumption / infinite loop via a crafted tar archive. mtarnext computes the offset to the next record as rounduph.size, 512 +...

8.7CVSS0.00417EPSS

EUVD•added 6 days ago•7 views

EUVD-2026-37704

8.7CVSS5.5AI score0.00417EPSS

RedhatCVE•added 2026/06/04 12:4 p.m.•11 views

CVE-2026-43623

A flaw was found in microtar. A remote attacker could exploit a stack-based buffer overflow vulnerability in the rawtoheader function by supplying a crafted TAR archive with non-null-terminated name or linkname fields. This flaw allows the attacker to corrupt adjacent stack memory, which may lead...

8.8CVSS6.3AI score0.00318EPSS

Exploits0References2

Snyk•added 2026/06/01 8:27 p.m.•3 views

Stack-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Stack-based Buffer Overflow in the rawtoheader function. An attacker can corrupt adjacent stack memory and potentially execute arbitrary code or cause a crash by supplying a crafted TAR archive with non-null-terminated name or linkname...

8.8CVSS5.9AI score0.00318EPSS

Exploits0References2

NVD•added 2026/06/01 7:16 p.m.•8 views

CVE-2026-43623

microtar through 0.1.0 contains a stack-based buffer overflow vulnerability in the rawtoheader function in src/microtar.c that allows attackers to corrupt adjacent stack memory by supplying a crafted TAR archive with non-null-terminated name or linkname fields. The function uses strcpy to copy...

8.8CVSS0.00318EPSS

CVE•added 2026/06/01 6:4 p.m.•14 views

CVE-2026-43623

CVE-2026-43623 affects microtar up to version 0.1.0. A stack-based buffer overflow in the raw_to_header() function (src/microtar.c) can be triggered by crafted TAR archives with non-null-terminated name or linkname fields. The function uses strcpy() to copy 100-byte ustar fields, which can write ...

EUVD•added 2026/06/01 6:4 p.m.•11 views

EUVD-2026-33741

Cvelist•added 2026/06/01 6:4 p.m.•34 views

CVE-2026-43623 microtar 0.1.0 Stack-Based Buffer Overflow via raw_to_header()

8.8CVSS0.00318EPSS

Vulnrichment•added 2026/06/01 6:4 p.m.•8 views

CVE-2026-43623 microtar 0.1.0 Stack-Based Buffer Overflow via raw_to_header()

ATTACKERKB•added 2026/06/01 6:4 p.m.•8 views

CVE-2026-43623

CNNVD•added 2026/06/01 12:0 a.m.•10 views

Exploits0References5

microtar 安全漏洞

microtar is a lightweight ANSI C language tar library developed by rxi’s individual developers. Versions of microtar 0.1.0 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the rawtoheader function using strcpy to copy fields in the ustar format that are not empty...

8.8CVSS5.4AI score0.00318EPSS

Positive Technologies•added 2026/06/01 12:0 a.m.•10 views

PT-2026-45517

microtar through 0.1.0 contains a stack-based buffer overflow vulnerability in the raw to header function in src/microtar.c that allows attackers to corrupt adjacent stack memory by supplying a crafted TAR archive with non-null-terminated name or linkname fields. The function uses strcpy to copy...