CVE-2026-9538
Status: Received - Intake
Memory Exhaustion in Perl Archive::Tar

Publication date: 2026-05-26

Last updated on: 2026-05-26

Assigner: CPANSec

Description
Archive::Tar versions before 3.10 for Perl allow memory exhaustion via attacker controlled entry size field in tar header. _read_tar() reads each entry's payload with $handle->read($$data, $block), where $block is derived from the entry's 12-byte size field in the tar header with no upper bound on that value. A crafted header declaring a multi-gigabyte size causes Perl to allocate a scalar of that size.
Affected Vendors & Products
Currently, no data is known.
CWE
CWE-789: The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-9538 is a vulnerability in Archive::Tar versions before 3.10 for Perl that allows an attacker to cause memory exhaustion. The _read_tar() function takes each entry's length from the 12-byte size field of its tar header and passes that value, unbounded, as the read length, so Perl tries to allocate a scalar of the declared size before any data is consumed. Because only the declared value matters, the archive itself can be a few hundred bytes: a header claiming a multi-gigabyte entry with no data behind it is enough to drive the process into a denial-of-service condition.


How can this vulnerability impact me?

This vulnerability is a memory denial-of-service (DoS). When a vulnerable Archive::Tar processes a malicious archive with an excessively large declared entry size, the calling process attempts a multi-gigabyte allocation. That can exhaust the memory available to the process or the host, causing the application to crash, be killed by the out-of-memory handler, or degrade everything else on the machine. Any service that reads tar archives from untrusted sources with Archive::Tar (upload handlers, build or packaging pipelines, CPAN tooling) is exposed.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability is triggered by a tar archive whose header declares an extremely large entry size; vulnerable Archive::Tar versions before 3.10 trust that value when allocating the read buffer.

Detection therefore means inspecting the declared sizes in the tar headers before anything extracts the archive.

The declared size is exactly what a normal tar listing prints, so a listing is a sufficient first check. Do not perform it with the ptar utility that ships with Archive::Tar on an unpatched install, since it goes through the same parser.

For example, list the archive contents with sizes:

  • tar -tvf suspicious_archive.tar

Then compare the listed sizes against the archive file itself (for instance with stat -c %s suspicious_archive.tar). An entry whose declared size exceeds the size of the whole archive cannot be well-formed, and a multi-gigabyte entry in a small file is the signature of this attack. GNU tar will typically also complain about unexpected end of file on such an archive.

To check the installed module version on a host, run:

  • perl -MArchive::Tar -e 'print "$Archive::Tar::VERSION\n"'

Anything below 3.10 is affected.
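The following script is an added example, not code from Archive::Tar or CPANSec. It covers both the read pattern in the description above and the header check suggested in this answer: it walks the 512-byte tar headers, decodes each entry's declared size (octal, or GNU base-256 for sizes of 8 GiB and up), verifies the header checksum, and refuses any entry above a limit before a single payload byte is read or allocated. Payloads are skipped with seek(), so memory use stays at one header block no matter what the header claims. The 1 GiB limit mirrors the cap the advisory attributes to the 3.10 fix; that it is the same cut-off is an assumption. The two sample archives are constructed in memory, and the names check_tar_size.pl, scan_tar, decode_size and make_header are the example's own.

```perl
#!/usr/bin/env perl
# check_tar_size.pl (added example, not Archive::Tar's own code): walk the
# 512-byte tar headers, decode each entry's declared size, and reject any
# entry above a limit BEFORE a single payload byte is read or allocated.
use strict;
use warnings;
use Fcntl qw(SEEK_CUR);

use constant BLOCK     => 512;
# 1 GiB: the per-entry cap the advisory attributes to Archive::Tar 3.10
# (assumption: the same cut-off is used here).
use constant MAX_ENTRY => 1024 * 1024 * 1024;

# Decode a tar numeric field: NUL/space-terminated octal ASCII, or GNU
# base-256 when the first byte has its high bit set (sizes >= 8 GiB).
sub decode_size {
    my ($raw) = @_;
    my $first = ord(substr($raw, 0, 1));
    if ($first & 0x80) {
        my $n = $first & 0x7f;
        $n = $n * 256 + ord($_) for split //, substr($raw, 1);
        return $n;
    }
    my ($oct) = $raw =~ /^\s*([0-7]+)/;
    return defined $oct ? oct($oct) : 0;
}

# Standard header checksum: sum of all 512 bytes with the chksum field
# itself counted as eight spaces.
sub header_checksum_ok {
    my ($hdr) = @_;
    my ($stored) = substr($hdr, 148, 8) =~ /([0-7]+)/;
    my $copy = $hdr;
    substr($copy, 148, 8) = ' ' x 8;
    return defined $stored && unpack('%32C*', $copy) == oct($stored);
}

# Scan an archive through a filehandle. Payloads are skipped with seek(),
# so memory use is one header block regardless of what the header claims.
# Returns hashrefs { name, size, ok, reason }; stops at the first rejection.
sub scan_tar {
    my ($fh, $limit) = @_;
    $limit //= MAX_ENTRY;
    binmode $fh;
    my @entries;
    while (read($fh, my $hdr, BLOCK) == BLOCK) {
        last if $hdr eq "\0" x BLOCK;                 # end-of-archive marker
        my ($name, $size_raw) = unpack 'A100 x24 a12', $hdr;   # size is at offset 124
        my $size   = decode_size($size_raw);
        my $reason = !header_checksum_ok($hdr) ? 'bad header checksum'
                   : $size > $limit            ? "declared size $size exceeds limit $limit"
                   :                             '';
        push @entries, { name => $name, size => $size, ok => $reason eq '', reason => $reason };
        last if $reason;
        # Skip ceil(size / 512) data blocks without loading them.
        seek($fh, BLOCK * int(($size + BLOCK - 1) / BLOCK), SEEK_CUR) or last;
    }
    return @entries;
}

# Build one ustar header; used only to construct the samples below.
sub make_header {
    my ($name, $size_field) = @_;
    my $hdr = pack 'a100 a8 a8 a8 a12 a12 a8 a1 a100 a6 a2 a32 a32 a8 a8 a155 a12',
        $name, '0000644', '0000000', '0000000', $size_field, '00000000000',
        ' ' x 8, '0', '', 'ustar', '00', 'root', 'root', '0000000', '0000000', '', '';
    substr($hdr, 148, 8) = sprintf('%06o', unpack('%32C*', $hdr)) . "\0 ";
    return $hdr;
}

# Constructed samples (not archives from the wild). The crafted one declares
# 077777777777 octal (8 GiB minus one byte) with no data behind it at all.
my $payload = "hello\n";
my $benign  = make_header('notes.txt', sprintf('%011o', length $payload))
            . $payload . "\0" x (BLOCK - length $payload) . "\0" x (2 * BLOCK);
my $crafted = make_header('bomb.bin', '77777777777') . "\0" x (2 * BLOCK);

sub report {
    my ($label, @entries) = @_;
    printf "%-10s %-12s %12d  %s\n", $label, $_->{name}, $_->{size},
        $_->{ok} ? 'ok' : "REJECT ($_->{reason})" for @entries;
}

if (@ARGV) {                       # real use: perl check_tar_size.pl archive.tar
    open my $fh, '<:raw', $ARGV[0] or die "open $ARGV[0]: $!";
    report($ARGV[0], scan_tar($fh));
} else {                           # demo on the in-memory samples
    open my $bfh, '<', \$benign  or die $!;
    open my $cfh, '<', \$crafted or die $!;
    report('benign',  scan_tar($bfh));
    report('crafted', scan_tar($cfh));
}
```

Run without arguments to see the benign entry accepted and the crafted 8 GiB entry rejected at the header, or pass an archive path to triage a real file. The check stops at the first bad header because everything after a lying size field is unreliable; a scanner that continued would be re-synchronising on attacker-chosen offsets.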


What immediate steps should I take to mitigate this vulnerability?

The primary mitigation is to upgrade Archive::Tar to version 3.10 or later, which limits the maximum allowed size of each tar entry to 1 GiB.

With that limit in place, an entry whose declared size exceeds it is rejected before any memory is allocated for it, so a crafted header can no longer force the allocation.

Archive::Tar is also bundled with perl itself, so a vendor perl package may carry the fix under a different package version; check the loaded module version rather than the package name:

  • perl -MArchive::Tar -e 'print "$Archive::Tar::VERSION\n"'

Until the upgrade can be applied, do not feed untrusted tar archives to a vulnerable Archive::Tar, and where that is unavoidable, pre-screen the declared entry sizes with a plain tar listing and run the consumer under a memory limit (for example a cgroup or ulimit -v) so a failed allocation kills only that process.

