350 matches found
PT-2026-3329
Name of the Vulnerable Software and Affected Versions node-tar versions = 7.5.2 Description The node-tar library fails to sanitize the linkpath of Link hardlink and SymbolicLink entries when preservePaths is false, which is the default secure behavior. This allows malicious archives to bypass...
PT-2026-24117
Name of the Vulnerable Software and Affected Versions node-tar versions prior to 7.5.11 Description The node-tar software contains a flaw where it can be manipulated into creating a symbolic link that points outside the intended extraction directory. This is achieved by utilizing a drive-relative...
Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service [CVE-2025-64118]
Summary Node.js module tar is used by IBM App Connect Enterprise Certified Container for handling archives files and data. IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability in...
TencentOS Server 3: nodejs:20 (TSSA-2024:0765)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0765 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
CVE-2025-64118
node-tar is a Tar for Node.js. In 7.5.1, using .t aka .list with sync: true to read tar entry contents returns uninitialized memory contents if tar file was changed on disk to a smaller size while being read. This vulnerability is fixed in 7.5.2...
Linux Distros Unpatched Vulnerability : CVE-2025-64118
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - node-tar is a Tar for Node.js. In 7.5.1, using .t aka .list with sync: true to read tar entry contents returns uninitialized memory contents if tar file was...
CVE-2025-64118
node-tar is a Tar for Node.js. In 7.5.1, using .t aka .list with sync: true to read tar entry contents returns uninitialized memory contents if tar file was changed on disk to a smaller size while being read. This vulnerability is fixed in 7.5.2...
UBUNTU-CVE-2025-64118
node-tar is a Tar for Node.js. In 7.5.1, using .t aka .list with sync: true to read tar entry contents returns uninitialized memory contents if tar file was changed on disk to a smaller size while being read. This vulnerability is fixed in 7.5.2...
CVE-2025-64118
node-tar is a Tar for Node.js. In 7.5.1, using .t aka .list with sync: true to read tar entry contents returns uninitialized memory contents if tar file was changed on disk to a smaller size while being read. This vulnerability is fixed in 7.5.2...
EUVD-2025-37034
node-tar is a Tar for Node.js. In 7.5.1, using .t aka .list with sync: true to read tar entry contents returns uninitialized memory contents if tar file was changed on disk to a smaller size while being read. This vulnerability is fixed in 7.5.2...
CVE-2025-64118
The CVE-2025-64118 issue affects node-tar (Tar for Node.js). In version 7.5.1, reading tar entries with .t/.list using { sync: true } can return uninitialized memory if the tar file is changed on disk to a smaller size during read. This memory contents exposure is fixed in version 7.5.2. The vuln...
CVE-2025-64118 node-tar vulnerable to race condition leading to uninitialized memory exposure
node-tar is a Tar for Node.js. In 7.5.1, using .t aka .list with sync: true to read tar entry contents returns uninitialized memory contents if tar file was changed on disk to a smaller size while being read. This vulnerability is fixed in 7.5.2...
CVE-2025-64118 node-tar vulnerable to race condition leading to uninitialized memory exposure
node-tar is a Tar for Node.js. In 7.5.1, using .t aka .list with sync: true to read tar entry contents returns uninitialized memory contents if tar file was changed on disk to a smaller size while being read. This vulnerability is fixed in 7.5.2...
EUVD-2025-37038
node-tar is a Tar for Node.js. In 7.5.1, using .t aka .list with sync: true to read tar entry contents returns uninitialized memory contents if tar file was changed on disk to a smaller size while being read. This vulnerability is fixed in 7.5.2...
CVE-2025-64118 node-tar vulnerable to race condition leading to uninitialized memory exposure
node-tar is a Tar for Node.js. In 7.5.1, using .t aka .list with sync: true to read tar entry contents returns uninitialized memory contents if tar file was changed on disk to a smaller size while being read. This vulnerability is fixed in 7.5.2...
node-tar has a race condition leading to uninitialized memory exposure
Summary Using .t aka .list with sync: true to read tar entry contents returns uninitialized memory contents if tar file was changed on disk to a smaller size while being read. Details See: https://github.com/isaacs/node-tar/issues/445 https://github.com/isaacs/node-tar/pull/446 Regression happene...
GHSA-29XP-372Q-XQPH node-tar has a race condition leading to uninitialized memory exposure
Summary Using .t aka .list with sync: true to read tar entry contents returns uninitialized memory contents if tar file was changed on disk to a smaller size while being read. Details See: https://github.com/isaacs/node-tar/issues/445 https://github.com/isaacs/node-tar/pull/446 Regression happene...
node-tar 安全漏洞
node-tar is a package for file compression/decompression by isaacs individual developers. A security vulnerability exists in node-tar version 7.5.1, which stems from the return of uninitialized memory contents when reading the contents of a tar entry using .t, which could lead to information...
PT-2025-44446
Name of the Vulnerable Software and Affected Versions node-tar versions prior to 7.5.2 Description node-tar is a Tar for Node.js. When using the .t also known as .list function with the sync: true option to read tar entry contents, uninitialized memory contents may be returned if the tar file is...
EUVD-2019-0468
Malware in sbrugna...