2 matches found
SUSE CVE-2026-24846
malcontent discovers supply-chain compromises through. context, differential analysis, and YARA. Starting in version 1.8.0 and prior to version 1.20.3, malcontent could be made to create symlinks outside the intended extraction directory when scanning a specially crafted tar or deb archive. The...
CVE-2026-24846
CVE-2026-24846 affects the malcontent project. In versions 1.8.0 through 1.20.3, the archive extraction logic could be coerced into creating symlinks outside the intended extraction directory due to the handleSymlink function receiving arguments in the wrong order and lack of validation of symlin...