Intel

AIKIDO-2026-10422

modern-tar is vulnerable to Integer Overflow

Integer Overflow Pre-CVE
Found by Aikido Intel before public disclosure or CVE publication.

51

Medium Risk

This Affects:

JS modern-tar
0.7.0 - 0.7.5
Fixed in 0.7.6

TL;DR

Affected versions of this package contain an integer overflow issue in block-size rounding logic, where very large values above 2^31 can wrap during padding calculations and cause the parser to use incorrect block sizes. This can break parsing behavior, corrupt pipeline state, or trigger unexpected failures when processing crafted input. An attacker may be able to exploit this by supplying a malicious file or payload with oversized header metadata, causing the parser to miscalculate boundaries and potentially induce denial of service or unsafe downstream behavior.
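
The following is an added example, not code from modern-tar or from this advisory, showing how 512-byte block rounding can wrap in JavaScript once a size reaches 2^31, next to a range-checked version. The advisory does not show the affected code, so the bitwise rounding idiom, the function names and the sample size fields are assumptions made for illustration.

```javascript
'use strict';
// Added illustration, not modern-tar's source. All names are hypothetical.
const BLOCK = 512; // tar data is stored in 512-byte blocks

// Rounding with bitwise operators: JavaScript converts both operands to
// signed 32-bit integers, so any size near or above 2^31 wraps.
function paddedSizeBitwise(size) {
  return (size + BLOCK - 1) & ~(BLOCK - 1);
}

// Rounding with plain Number arithmetic plus range checks. Division by 512
// is exact for safe integers, so no precision is lost.
function paddedSizeSafe(size) {
  if (!Number.isSafeInteger(size) || size < 0) {
    throw new RangeError(`invalid entry size: ${size}`);
  }
  const padded = Math.ceil(size / BLOCK) * BLOCK;
  if (!Number.isSafeInteger(padded)) {
    throw new RangeError(`padded size out of range: ${size}`);
  }
  return padded;
}

// Parse the 12-byte octal size field of a tar header (NUL/space terminated).
function parseOctalSize(field) {
  const digits = field.replace(/[\0 ]+$/, '');
  if (!/^[0-7]{1,11}$/.test(digits)) {
    throw new RangeError('malformed size field');
  }
  return parseInt(digits, 8);
}

// Constructed size fields: 1000 bytes, exactly 2^31, and 2^32 + 1.
const SAMPLE_FIELDS = ['00000001750\0', '20000000000\0', '40000000001\0'];

function compare(fields) {
  return fields.map((f) => {
    const size = parseOctalSize(f);
    return { size, bitwise: paddedSizeBitwise(size), safe: paddedSizeSafe(size) };
  });
}

console.table(compare(SAMPLE_FIELDS));
```

A negative or truncated padded size means the next header would be read from the wrong offset, which is the boundary miscalculation described above.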

Who does this affect?

You are affected if you are using a version of modern-tar that falls within the vulnerable range (0.7.0 - 0.7.5).

Background info

modern-tar is vulnerable to Integer Overflow in versions 0.7.0 - 0.7.5.

How to fix this

Upgrade the modern-tar library to the patched version (0.7.6).