CVE-2026-9538: CWE-789 Memory Allocation with Excessive Size Value in BINGOS Archive::Tar
CVE-2026-9538 is a vulnerability in BINGOS Archive::Tar versions before 3. 10 for Perl that allows an attacker to cause memory exhaustion. The issue arises because the _read_tar() function reads the size field from a tar header without an upper bound, leading to allocation of excessively large memory buffers based on attacker-controlled input. This can result in denial of service due to resource exhaustion. No patch or official remediation has been confirmed at this time.
AI Analysis
Technical Summary
The vulnerability in Archive::Tar before version 3.10 involves improper handling of the size field in tar headers. The _read_tar() function reads the entry size from a 12-byte field and uses it to allocate memory without validating the size. An attacker can craft a tar header with a very large size value, causing the Perl scalar to allocate an excessive amount of memory, leading to memory exhaustion. This is classified under CWE-789 (Memory Allocation with Excessive Size Value). No CVSS score or patch information is currently available.
Potential Impact
An attacker can cause the affected software to allocate very large amounts of memory by providing a malicious tar archive with an oversized size field. This can lead to denial of service conditions due to memory exhaustion. There is no indication of code execution or data corruption from the provided information.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should avoid processing untrusted tar archives with vulnerable versions of Archive::Tar. Monitoring vendor channels for updates is recommended.
CVE-2026-9538: CWE-789 Memory Allocation with Excessive Size Value in BINGOS Archive::Tar
Description
CVE-2026-9538 is a vulnerability in BINGOS Archive::Tar versions before 3. 10 for Perl that allows an attacker to cause memory exhaustion. The issue arises because the _read_tar() function reads the size field from a tar header without an upper bound, leading to allocation of excessively large memory buffers based on attacker-controlled input. This can result in denial of service due to resource exhaustion. No patch or official remediation has been confirmed at this time.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The vulnerability in Archive::Tar before version 3.10 involves improper handling of the size field in tar headers. The _read_tar() function reads the entry size from a 12-byte field and uses it to allocate memory without validating the size. An attacker can craft a tar header with a very large size value, causing the Perl scalar to allocate an excessive amount of memory, leading to memory exhaustion. This is classified under CWE-789 (Memory Allocation with Excessive Size Value). No CVSS score or patch information is currently available.
Potential Impact
An attacker can cause the affected software to allocate very large amounts of memory by providing a malicious tar archive with an oversized size field. This can lead to denial of service conditions due to memory exhaustion. There is no indication of code execution or data corruption from the provided information.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should avoid processing untrusted tar archives with vulnerable versions of Archive::Tar. Monitoring vendor channels for updates is recommended.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- CPANSec
- Date Reserved
- 2026-05-25T23:04:04.116Z
- Cvss Version
- null
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a14f66ba5ae1af1aa1760b3
Added to database: 5/26/2026, 1:24:59 AM
Last enriched: 5/26/2026, 1:39:53 AM
Last updated: 5/26/2026, 2:33:18 AM
Views: 3
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.