{"@context":"https://openvex.dev/ns/v0.2.0","@id":"https://database.harborguard.co/cve/CVE-2026-55738/vex.json","author":"HarborGuard Database","role":"Document Creator","timestamp":"2026-06-17T15:00:58.607Z","version":1,"tooling":"HarborGuard Database (https://database.harborguard.co)","statements":[{"vulnerability":{"name":"CVE-2026-55738","@id":"https://www.cve.org/CVERecord?id=CVE-2026-55738","description":"A stack-based buffer overflow exists in the raw_to_header() function in src/microtar.c in rxi microtar 0.1.0. The function copies the 100-byte name and linkname fields of a TAR header with strcpy() without guaranteeing null termination of the source. The POSIX ustar format permits these fixed-width fields to be fully populated with non-null bytes, so a crafted archive whose linkname field (followed by the trailing padding of the 512-byte raw header) contains no null terminator causes strcpy() to"},"products":[{"@id":"cpe:2.3:a:rxi:microtar:0.1.0:*:*:*:*:*:*:*","identifiers":{"cpe23":"cpe:2.3:a:rxi:microtar:0.1.0:*:*:*:*:*:*:*"}}],"status":"affected","action_statement":"No fixed version is published yet; monitor the upstream advisory.","timestamp":"2026-06-17T15:00:58.607Z"}]}