{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/node-tar/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":["cpe:2.3:a:isaacs:tar:*:*:*:*:*:node.js:*:*"],"_cs_cves":[{"cvss":7.5,"id":"CVE-2026-59874"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["node-tar"],"_cs_severities":["low"],"_cs_tags":["denial-of-service","vulnerability","node-tar","cve"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eThe Microsoft Security Response Center (MSRC) has published details for CVE-2026-59874, a high-severity denial-of-service vulnerability affecting the \u003ccode\u003enode-tar\u003c/code\u003e library. This flaw can be triggered when a system attempts to replace an existing archive with a specially crafted tar file containing an entry with a negative size. Processing such a malicious archive leads to an infinite loop within the \u003ccode\u003enode-tar\u003c/code\u003e library, consuming excessive system resources and causing the affected application or service to become unresponsive. This vulnerability poses a risk to any application or service that utilizes \u003ccode\u003enode-tar\u003c/code\u003e for archive handling, potentially leading to critical service disruptions.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker creates a malicious tar archive.\u003c/li\u003e\n\u003cli\u003eThe attacker embeds an entry within this archive that specifies a negative size value.\u003c/li\u003e\n\u003cli\u003eThe attacker delivers this crafted tar archive to a target system.\u003c/li\u003e\n\u003cli\u003eA vulnerable application or service on the target system attempts to process the malicious archive using the \u003ccode\u003enode-tar\u003c/code\u003e library.\u003c/li\u003e\n\u003cli\u003eSpecifically, the application initiates an archive replacement operation involving the malicious tar file.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003enode-tar\u003c/code\u003e library, when parsing the tar entry with the negative size during the replacement, enters an infinite loop.\u003c/li\u003e\n\u003cli\u003eThis infinite loop consumes all available CPU and memory resources on the system.\u003c/li\u003e\n\u003cli\u003eThe affected application or the entire host system becomes unresponsive, resulting in a denial-of-service condition.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-59874 leads to a denial-of-service condition for applications utilizing the vulnerable \u003ccode\u003enode-tar\u003c/code\u003e library. This could manifest as severe resource exhaustion (CPU, memory), causing the affected application to hang, crash, or become entirely unresponsive. While no specific victims or targeting sectors are mentioned, any system processing untrusted tar archives with vulnerable versions of \u003ccode\u003enode-tar\u003c/code\u003e could be impacted, leading to significant operational disruptions.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePatch affected systems immediately by upgrading the \u003ccode\u003enode-tar\u003c/code\u003e library to a version that addresses CVE-2026-59874. Consult the \u003ccode\u003enode-tar\u003c/code\u003e project for specific remediation guidance.\u003c/li\u003e\n\u003cli\u003eReview applications that use the \u003ccode\u003enode-tar\u003c/code\u003e library to identify vulnerable instances.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-12T07:04:31Z","date_published":"2026-07-12T07:04:31Z","id":"https://feed.craftedsignal.io/briefs/2026-07-node-tar-dos/","summary":"A denial-of-service vulnerability, identified as CVE-2026-59874, exists in the 'node-tar' library, allowing a negative tar entry size to trigger an infinite loop when an archive is being replaced, potentially leading to system unavailability.","title":"node-tar Denial-of-Service Vulnerability via Negative Tar Entry Size (CVE-2026-59874)","url":"https://feed.craftedsignal.io/briefs/2026-07-node-tar-dos/"}],"language":"en","title":"CraftedSignal Threat Feed - Node-Tar","version":"https://jsonfeed.org/version/1.1"}