2 matches found
CVE-2026-50163 oras-go: Hardlink entry with relative Linkname escapes extract dir via process CWD resolution in `oras-go` tar extraction
oras-go is a Go library for managing OCI artifacts. Prior to 2.6.2, ensureLinkPath in content/file/utils.go:262-275 validates a hardlink target relative to the extract base but returns the unresolved target, causing os.Link"victim.secret", "/payload.tar.gz/evilcwdlink" to resolve header.Linkname...
SUSE CVE-2026-42496
Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directory. makespecialfile passes the tar header's linkname to symlink without validating it against absolute paths or .. segments. The secure-extract mode check that guards regular...