471 matches found
perl-archive-tar: perl-archive-tar: Path traversal via crafted symlinks allows arbitrary file access
A flaw was found in perl-Archive-Tar. Versions before 3.08 for Perl are vulnerable to a path traversal issue. An attacker can craft a malicious tar archive containing symlinks with targets outside the intended extraction directory. This vulnerability allows the attacker to read or write to...
Important: Red Hat Security Advisory: perl-Archive-Tar security update
An update for perl-Archive-Tar is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
RHSA-2026:30856 Red Hat Security Advisory: perl-Archive-Tar security update
Bulletin has no description...
RHSA-2026:30852 Red Hat Security Advisory: perl-Archive-Tar security update
Bulletin has no description...
perl-archive-tar: perl-archive-tar: Path traversal via crafted symlinks allows arbitrary file access
A flaw was found in perl-Archive-Tar. Versions before 3.08 for Perl are vulnerable to a path traversal issue. An attacker can craft a malicious tar archive containing symlinks with targets outside the intended extraction directory. This vulnerability allows the attacker to read or write to...
perl-archive-tar: perl-archive-tar: Path traversal via crafted symlinks allows arbitrary file access
A flaw was found in perl-Archive-Tar. Versions before 3.08 for Perl are vulnerable to a path traversal issue. An attacker can craft a malicious tar archive containing symlinks with targets outside the intended extraction directory. This vulnerability allows the attacker to read or write to...
Important: Red Hat Security Advisory: perl-Archive-Tar security update
An update for perl-Archive-Tar is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabili...
RHEL 8 : perl:5.32 (RHSA-2026:30851)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:30851 advisory. Perl is a high-level programming language that is commonly used for system administration utilities and web programming. Security Fixes:...
RockyLinux 8 : perl:5.32 (RLSA-2026:30851)
The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:30851 advisory. perl-archive-tar: perl-archive-tar: Path traversal via crafted symlinks allows arbitrary file access CVE-2026-42496 perl-IO-Compress: perl-IO-Compress:...
golang: archive/tar: Unbounded allocation when parsing GNU sparse map
A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go...
golang: archive/tar: Unbounded allocation when parsing GNU sparse map
A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go...
RHCOS 4 : OpenShift Container Platform 4.13.68 (RHSA-2026:26541)
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:26541 advisory. - golang: archive/tar: Unbounded allocation when parsing GNU sparse map CVE-2025-58183 - golang: net/url: Memory exhaustion in quer...
Astra Linux – Vulnerability in php-pear
In ArchiveTar before version 1.4.14, symlinks can reference targets outside of the extracted archive. This is a separate vulnerability from CVE-2020-36193...
OESA-2026-2678 perl-Archive-Tar security update
archive::Tar provides an object oriented mechanism for handling tar files. It provides class methods for quick and easy files handling while also allowing for the creation of tar file objects for custom manipulation. If you have the IO::Zlib module installed, Archive::Tar will also support...
Important: perl-Archive-Tar
Issue Overview: Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directory. makespecialfile passes the tar header's linkname to symlink without validating it against absolute paths or .. segments. The secure-extract mode check tha...
Important: perl-Archive-Tar
Issue Overview: Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directory. makespecialfile passes the tar header's linkname to symlink without validating it against absolute paths or .. segments. The secure-extract mode check tha...
Amazon Linux 2023 : perl-Archive-Tar, perl-Archive-Tar-tests (ALAS2023-2026-1805)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1805 advisory. Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directory. makespecialfile passes the tar header's linkname to symlink witho...
Amazon Linux 2 : perl-Archive-Tar, --advisory ALAS2-2026-3347 (ALAS-2026-3347)
The version of perl-Archive-Tar installed on the remote host is prior to 1.92-3. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3347 advisory. Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extractio...
CVE-2026-42497
A flaw was found in perl-Archive-Tar. This vulnerability allows an attacker to craft a malicious tar archive that, when extracted, can create hardlinks to arbitrary files outside the intended extraction directory. This could lead to the modification of sensitive files on the system, potentially...
Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.20.24 packages and security update
Red Hat OpenShift Container Platform release 4.20.24 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.20. Red Hat Product Security has rated this update as having a...