2 matches found
UBUNTU-CVE-2026-33056
tar-rs is a tar archive reading/writing library for Rust. In versions 0.4.44 and below, when unpacking a tar archive, the tar crate's unpackdir function uses fs::metadata to check whether a path that already exists is a directory. Because fs::metadata follows symbolic links, a crafted tarball...
Time-of-check Time-of-use (TOCTOU) Race Condition
Overview Affected versions of this package are vulnerable to Time-of-check Time-of-use TOCTOU Race Condition during the image unpack process. An attacker can modify the host file system by exploiting the time gap between checking and using a file or resource. Workarounds 1. Verify image integrity...