CVE-2026-9538
Modified Modified - Updated After Analysis
Memory Exhaustion in Perl Archive::Tar

Publication date: 2026-05-26

Last updated on: 2026-05-28

Assigner: CPANSec

Description
Archive::Tar versions before 3.10 for Perl allow memory exhaustion via attacker controlled entry size field in tar header. _read_tar() reads each entry's payload with $handle->read($$data, $block), where $block is derived from the entry's 12-byte size field in the tar header with no upper bound on that value. A crafted header declaring a multi-gigabyte size causes Perl to allocate a scalar of that size.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-26
Last Modified
2026-05-28
Generated
2026-06-15
AI Q&A
2026-05-26
EPSS Evaluated
2026-06-14
NVD
CVE-2026-9538
EUVD
EUVD-2026-31775
Affected Vendors & Products
Currently, no data is known.
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-789 The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-9538 is a vulnerability in Archive::Tar versions before 3.10 for Perl that allows an attacker to cause memory exhaustion. This happens because the _read_tar() function reads the size of each tar entry from a 12-byte size field in the tar header without any upper limit. An attacker can craft a tar header that declares an extremely large size, causing Perl to allocate a very large amount of memory, potentially leading to a denial-of-service condition.

Impact Analysis

This vulnerability can impact you by causing a memory denial-of-service (DoS) attack. When processing a malicious tar archive with an excessively large declared entry size, the system running Archive::Tar may allocate multi-gigabyte memory blocks. This can exhaust system memory resources, potentially leading to application crashes, degraded performance, or system instability.

Detection Guidance

This vulnerability involves a malicious tar archive with an attacker-controlled entry size field that declares an extremely large size, causing memory exhaustion when processed by vulnerable Archive::Tar versions before 3.10.

Detection can involve inspecting tar files for unusually large declared entry sizes in their headers before extraction.

While no specific commands are provided in the resources, a practical approach is to analyze tar headers using tools like 'tar' with verbose or listing options, or custom scripts to parse the size fields in tar headers to identify entries with suspiciously large sizes.

For example, you can use the following command to list tar contents with sizes:

  • tar -tvf suspicious_archive.tar

Then manually check for entries with abnormally large sizes that could indicate an exploit attempt.

Mitigation Strategies

The primary mitigation step is to upgrade Archive::Tar to version 3.10 or later, which includes a patch that limits the maximum allowed size for each tar entry to 1 GiB.

This patch prevents memory exhaustion by rejecting entries with declared sizes exceeding the limit before any memory allocation occurs.

Until the upgrade can be applied, avoid processing untrusted tar archives with vulnerable versions of Archive::Tar.

Compliance Impact

The provided information does not specify any direct impact of CVE-2026-9538 on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-9538. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart