Lucene search
K

6 matches found

EUVD
EUVD
added 2026/06/15 9:30 p.m.7 views

EUVD-2026-36766

In OCaml-tar before 3.4.0, a crafted archive with ../ path segments in its name allows escaping the current working directory. This is not desired behavior, and tar1 rejects such extractions, but ocaml-tar decompresses it anyway. The impact is that it allows arbitrary file writes outside of the...

5.4AI score0.00373EPSS
Exploits0References2
NVD
NVD
added 2026/06/15 8:16 p.m.5 views

CVE-2026-45390

In OCaml-tar before 3.4.0, a crafted archive with ../ path segments in its name allows escaping the current working directory. This is not desired behavior, and tar1 rejects such extractions, but ocaml-tar decompresses it anyway. The impact is that it allows arbitrary file writes outside of the...

9.1CVSS0.00373EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/15 12:0 a.m.30 views

CVE-2026-45390

In OCaml-tar before 3.4.0, a crafted archive with ../ path segments in its name allows escaping the current working directory. This is not desired behavior, and tar1 rejects such extractions, but ocaml-tar decompresses it anyway. The impact is that it allows arbitrary file writes outside of the...

0.00373EPSS
Exploits0References1
CVE
CVE
added 2026/06/15 12:0 a.m.17 views

CVE-2026-45390

CVE-2026-45390 affects OCaml-tar before 3.4.0. A crafted archive containing "../" segments in file names can escape the extraction directory, allowing arbitrary file writes outside the target path when decompression is reachable. The OSV/ENISA reports show the vulnerable function uses Filename.co...

9.1CVSS5.5AI score0.00373EPSS
Exploits0References1
OSV
OSV
added 2026/05/22 8:55 p.m.9 views

OSEC-2026-08 Path traversal vulnerability in ocaml-tar

A malicious archive with ../ path segments in its name allows escaping the current working directory. This is not desired behavior, and tar1 rejects such extractions, but ocaml-tar decompresses it anyway. The impact is that it allows arbitrary file write outside of the desired extraction director...

8.2CVSS6AI score0.00373EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/22 12:0 a.m.16 views

PT-2026-42856

In OCaml-tar before 3.4.0, a crafted archive with ../ path segments in its name allows escaping the current working directory. This is not desired behavior, and tar1 rejects such extractions, but ocaml-tar decompresses it anyway. The impact is that it allows arbitrary file writes outside of the...

8.2CVSS5.4AI score0.00373EPSS
Exploits0References2
Rows per page
Query Builder