Lucene search
K

7 matches found

Vulnrichment
Vulnrichment
added 2026/05/26 12:18 a.m.10 views

CVE-2026-9538 Archive::Tar versions before 3.10 for Perl allow memory exhaustion via attacker controlled entry size field in tar header

Archive::Tar versions before 3.10 for Perl allow memory exhaustion via attacker controlled entry size field in tar header. readtar reads each entry's payload with $handle-read$$data, $block, where $block is derived from the entry's 12-byte size field in the tar header with no upper bound on that...

5.8AI score0.00437EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/05/26 12:18 a.m.9 views

CVE-2026-9538

Archive::Tar versions before 3.10 for Perl allow memory exhaustion via attacker controlled entry size field in tar header. readtar reads each entry's payload with $handle-read$$data, $block, where $block is derived from the entry's 12-byte size field in the tar header with no upper bound on that...

7.5CVSS5.8AI score0.00437EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/05/26 12:17 a.m.10 views

CVE-2026-42497

Archive::Tar versions before 3.08 for Perl extract hardlinks to attacker controlled paths outside the extraction directory. makespecialfile passes the tar header's linkname to link without validating it against absolute paths or .. segments, creating a hardlink that shares the victim file's inode...

5.8AI score0.00417EPSS
Exploits0References4
CVE
CVE
added 2026/05/26 12:17 a.m.498 views

CVE-2026-42496

CVE-2026-42496 affects the Archive::Tar Perl module, versions prior to 3.08. The vulnerability arises when extracting tar archives: _make_special_file() passes the tar header’s linkname to symlink() without validating against absolute paths or .. segments. The secure-extract mode protecting regul...

9.1CVSS5.8AI score0.0043EPSS
Exploits0References10Affected Software1
UbuntuCve
UbuntuCve
added 2026/05/26 12:0 a.m.16 views

CVE-2026-42497

Archive::Tar versions before 3.08 for Perl extract hardlinks to attacker controlled paths outside the extraction directory. makespecialfile passes the tar header's linkname to link without validating it against absolute paths or .. segments, creating a hardlink that shares the victim file's inode...

7.5CVSS5.8AI score0.0043EPSS
Exploits0References5
OSV
OSV
added 2007/11/02 4:46 p.m.4 views

CVE-2007-4829

Directory traversal vulnerability in the Archive::Tar Perl module 1.36 and earlier allows user-assisted remote attackers to overwrite arbitrary files via a TAR archive that contains a file whose name is an absolute path or has ".." sequences...

6.5AI score
Exploits0References18
Cvelist
Cvelist
added 2007/11/02 4:0 p.m.29 views

CVE-2007-4829

Directory traversal vulnerability in the Archive::Tar Perl module 1.36 and earlier allows user-assisted remote attackers to overwrite arbitrary files via a TAR archive that contains a file whose name is an absolute path or has ".." sequences...

6.3AI score0.04322EPSS
Exploits1References15
Rows per page
Query Builder