<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>Oob-Read - CraftedSignal Threat Feed</title><link>https://feed.craftedsignal.io/tags/oob-read/</link><description>Trending threats, MITRE ATT&amp;CK coverage, and detection metadata. Fed continuously.</description><generator>Hugo</generator><language>en</language><managingEditor>hello@craftedsignal.io</managingEditor><webMaster>hello@craftedsignal.io</webMaster><lastBuildDate>Wed, 15 Jul 2026 07:42:10 +0000</lastBuildDate><atom:link href="https://feed.craftedsignal.io/tags/oob-read/feed.xml" rel="self" type="application/rss+xml"/><item><title>Libarchive Heap Overflow and Out-of-Bounds Read via Pax Extended Header (CVE-2026-15028)</title><link>https://feed.craftedsignal.io/briefs/2026-07-libarchive-heap-overflow/</link><pubDate>Wed, 15 Jul 2026 07:42:10 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2026-07-libarchive-heap-overflow/</guid><description>A heap overflow and out-of-bounds read vulnerability (CVE-2026-15028) has been identified in the Libarchive library, triggered by parsing a tar archive with a specially crafted pax extended header, potentially leading to denial of service or arbitrary code execution.</description><content:encoded><![CDATA[<p>A critical vulnerability, tracked as CVE-2026-15028, has been discovered in the widely used Libarchive library. This flaw manifests as both a heap overflow and an out-of-bounds read error when the library processes a <code>tar</code> archive containing a maliciously crafted pax extended header. The vulnerability can be triggered when any application or system component leveraging Libarchive attempts to parse such an archive. Successful exploitation could lead to severe consequences, including denial of service, where the application crashes or becomes unresponsive, or potentially arbitrary code execution, granting attackers control over the vulnerable system. Given Libarchive's pervasive use across various operating systems and applications for archive manipulation, the potential impact is significant, warranting immediate attention from defenders to mitigate risks.</p>
<h2 id="attack-chain">Attack Chain</h2>
<ol>
<li><strong>Attacker crafts malicious tar archive</strong>: An attacker creates a <code>.tar</code> archive file that contains a specially malformed pax extended header designed to trigger the heap overflow and out-of-bounds read vulnerability within Libarchive.</li>
<li><strong>Delivery of malicious archive</strong>: The crafted <code>.tar</code> archive is delivered to a target system or application. This could occur through various vectors, such as email attachments, malicious downloads from compromised websites, or integration into a software package.</li>
<li><strong>Victim application processes archive</strong>: A vulnerable application or system component on the victim's side, which incorporates or uses the Libarchive library, attempts to open, extract, or process the received malicious <code>.tar</code> archive.</li>
<li><strong>Libarchive parsing triggered</strong>: The Libarchive library begins parsing the <code>.tar</code> file, eventually encountering and attempting to interpret the malformed pax extended header embedded within the archive.</li>
<li><strong>Heap overflow / OOB read occurs</strong>: The malformed header causes the Libarchive library to perform an out-of-bounds read or trigger a heap overflow condition during the header parsing process due to incorrect memory handling.</li>
<li><strong>Memory corruption / Information disclosure</strong>: This memory access error can lead to controlled memory corruption, allowing the attacker to overwrite critical data in memory, or result in the leakage of sensitive information from adjacent memory regions.</li>
<li><strong>Denial of Service or Arbitrary Code Execution</strong>: Successful exploitation of the memory corruption can either cause the vulnerable application to crash, leading to a denial of service, or enable the attacker to execute arbitrary code within the security context of the compromised application.</li>
</ol>
<h2 id="impact">Impact</h2>
<p>The successful exploitation of CVE-2026-15028 can lead to significant impact, primarily denial of service or arbitrary code execution. Denial of service would render the affected application or system components unusable, disrupting critical services. If arbitrary code execution is achieved, attackers could gain full control over the compromised system, allowing for data theft, further system compromise, or installation of additional malware. The widespread use of the Libarchive library means that numerous applications and systems could be susceptible, although specific targeting details or victim counts are not yet available.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li>Patch CVE-2026-15028 immediately on all systems and applications that utilize the Libarchive library to prevent exploitation.</li>
<li>Monitor systems that process <code>.tar</code> archives for unusual process crashes or unexpected memory access patterns, which could indicate attempts to exploit CVE-2026-15028.</li>
<li>Ensure that all software dependencies, particularly fundamental libraries like Libarchive, are regularly updated to their latest versions as recommended by vendors to address vulnerabilities such as CVE-2026-15028.</li>
</ul>
]]></content:encoded><category domain="severity">low</category><category domain="type">advisory</category><category>vulnerability</category><category>libarchive</category><category>heap-overflow</category><category>oob-read</category><category>rce</category><category>dos</category><category>supply-chain</category></item></channel></rss>