{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/oob-read/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":3.9,"id":"CVE-2026-15028"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Libarchive"],"_cs_severities":["low"],"_cs_tags":["vulnerability","libarchive","heap-overflow","oob-read","rce","dos","supply-chain"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eA critical vulnerability, tracked as CVE-2026-15028, has been discovered in the widely used Libarchive library. This flaw manifests as both a heap overflow and an out-of-bounds read error when the library processes a \u003ccode\u003etar\u003c/code\u003e archive containing a maliciously crafted pax extended header. The vulnerability can be triggered when any application or system component leveraging Libarchive attempts to parse such an archive. Successful exploitation could lead to severe consequences, including denial of service, where the application crashes or becomes unresponsive, or potentially arbitrary code execution, granting attackers control over the vulnerable system. Given Libarchive's pervasive use across various operating systems and applications for archive manipulation, the potential impact is significant, warranting immediate attention from defenders to mitigate risks.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003e\u003cstrong\u003eAttacker crafts malicious tar archive\u003c/strong\u003e: An attacker creates a \u003ccode\u003e.tar\u003c/code\u003e archive file that contains a specially malformed pax extended header designed to trigger the heap overflow and out-of-bounds read vulnerability within Libarchive.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDelivery of malicious archive\u003c/strong\u003e: The crafted \u003ccode\u003e.tar\u003c/code\u003e archive is delivered to a target system or application. This could occur through various vectors, such as email attachments, malicious downloads from compromised websites, or integration into a software package.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eVictim application processes archive\u003c/strong\u003e: A vulnerable application or system component on the victim's side, which incorporates or uses the Libarchive library, attempts to open, extract, or process the received malicious \u003ccode\u003e.tar\u003c/code\u003e archive.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eLibarchive parsing triggered\u003c/strong\u003e: The Libarchive library begins parsing the \u003ccode\u003e.tar\u003c/code\u003e file, eventually encountering and attempting to interpret the malformed pax extended header embedded within the archive.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHeap overflow / OOB read occurs\u003c/strong\u003e: The malformed header causes the Libarchive library to perform an out-of-bounds read or trigger a heap overflow condition during the header parsing process due to incorrect memory handling.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eMemory corruption / Information disclosure\u003c/strong\u003e: This memory access error can lead to controlled memory corruption, allowing the attacker to overwrite critical data in memory, or result in the leakage of sensitive information from adjacent memory regions.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDenial of Service or Arbitrary Code Execution\u003c/strong\u003e: Successful exploitation of the memory corruption can either cause the vulnerable application to crash, leading to a denial of service, or enable the attacker to execute arbitrary code within the security context of the compromised application.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThe successful exploitation of CVE-2026-15028 can lead to significant impact, primarily denial of service or arbitrary code execution. Denial of service would render the affected application or system components unusable, disrupting critical services. If arbitrary code execution is achieved, attackers could gain full control over the compromised system, allowing for data theft, further system compromise, or installation of additional malware. The widespread use of the Libarchive library means that numerous applications and systems could be susceptible, although specific targeting details or victim counts are not yet available.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePatch CVE-2026-15028 immediately on all systems and applications that utilize the Libarchive library to prevent exploitation.\u003c/li\u003e\n\u003cli\u003eMonitor systems that process \u003ccode\u003e.tar\u003c/code\u003e archives for unusual process crashes or unexpected memory access patterns, which could indicate attempts to exploit CVE-2026-15028.\u003c/li\u003e\n\u003cli\u003eEnsure that all software dependencies, particularly fundamental libraries like Libarchive, are regularly updated to their latest versions as recommended by vendors to address vulnerabilities such as CVE-2026-15028.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-15T07:42:10Z","date_published":"2026-07-15T07:42:10Z","id":"https://feed.craftedsignal.io/briefs/2026-07-libarchive-heap-overflow/","summary":"A heap overflow and out-of-bounds read vulnerability (CVE-2026-15028) has been identified in the Libarchive library, triggered by parsing a tar archive with a specially crafted pax extended header, potentially leading to denial of service or arbitrary code execution.","title":"Libarchive Heap Overflow and Out-of-Bounds Read via Pax Extended Header (CVE-2026-15028)","url":"https://feed.craftedsignal.io/briefs/2026-07-libarchive-heap-overflow/"}],"language":"en","title":"CraftedSignal Threat Feed - Oob-Read","version":"https://jsonfeed.org/version/1.1"}