
9 matches found

EUVD
added 2026/05/26 12:17 a.m. | 27 views

EUVD-2026-31774

Archive::Tar versions before 3.08 for Perl extract symlinks with attacker-controlled targets outside the extraction directory. makespecialfile passes the tar header's linkname to symlink without validating it against absolute paths or .. segments. The secure-extract mode check that guards regular...

AI score 5.8 | EPSS 0.00467
Exploits: 0 | References: 3
OSV
added 2026/04/30 10:39 a.m. | 8 views

CLSA-2026-1777545539 Fix of 6 CVEs

SECURITY UPDATE: fix quadratic complexity in http cookie parsing with backslash escapes
- debian/patches/CVE-2024-7592.patch: fix quadratic complexity in http cookie parsing with backslash escapes
- CVE-2024-7592
SECURITY UPDATE: reject leading dashes in webbrowser URLs and %action substitution...

CVSS 7.5 | AI score 6.8 | EPSS 0.02507
Exploits: 4 | References: 1
Snyk
added 2026/03/27 5:12 p.m. | 2 views

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the UploadAllFiles function during S3 restore operations when processing tar headers from a supplied backup archive. An attacker can cause the daemon to crash and disrupt the contr...

CVSS 7.1 | AI score 5.9 | EPSS 0.00385
Exploits: 1 | References: 2
RedHat Linux
added 2024/10/24 12:9 p.m. | 3 views

python: cpython: tarfile: ReDos via excessive backtracking while parsing header values

A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive...

CVSS 7.5 | AI score 7.2 | EPSS 0.02203
Exploits: 2 | References: 7
RedHat Linux
added 2024/10/23 1:29 p.m. | 2 views

python: cpython: tarfile: ReDos via excessive backtracking while parsing header values

A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive...

CVSS 7.5 | AI score 7.2 | EPSS 0.02203
Exploits: 2 | References: 7
RedHat Linux
added 2024/09/24 3:8 a.m. | 1 views

python: cpython: tarfile: ReDos via excessive backtracking while parsing header values

A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive...

CVSS 7.5 | AI score 7.2 | EPSS 0.02203
Exploits: 2 | References: 7
RedHat Linux
added 2024/09/23 2:1 a.m. | 2 views

python: cpython: tarfile: ReDos via excessive backtracking while parsing header values

A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive...

CVSS 7.5 | AI score 7.2 | EPSS 0.02203
Exploits: 2 | References: 7
Microsoft CVE
added 2022/10/19 7:0 a.m. | 3 views

Unbounded memory consumption when reading headers in archive/tar

...

CVSS 7.5 | AI score 7.4 | EPSS 0.01544
Exploits: 0
CNNVD
added 2022/10/04 12:0 a.m. | 2 views

Google Golang Security Vulnerability

Google Golang is a statically, strongly typed, compiled language from Google, Inc. Go's syntax is close to that of C, but differs for variable declarations. Go supports garbage collection. Go's parallel model is based on Tony Hoare's Communicating Sequential Processes (CSP). Other languages th...

CVSS 7.5 | AI score 6.6 | EPSS 0.01544
Exploits: 0 | References: 27