5 matches found
ALPINE-CVE-2026-33056
tar-rs is a tar archive reading/writing library for Rust. In versions 0.4.44 and below, when unpacking a tar archive, the tar crate's unpackdir function uses fs::metadata to check whether a path that already exists is a directory. Because fs::metadata follows symbolic links, a crafted tarball...
CVE-2026-33056
tar-rs is a tar archive reading/writing library for Rust. In versions 0.4.44 and below, when unpacking a tar archive, the tar crate's unpackdir function uses fs::metadata to check whether a path that already exists is a directory. Because fs::metadata follows symbolic links, a crafted tarball...
CVE-2026-33056
The tar-rs Rust library (versions
tar-rs 安全漏洞
tar-rs is a Rust library for reading and writing tar archive files, developed by Alex Crichton. Versions of tar-rs prior to 0.4.44 contain security vulnerabilities. These vulnerabilities stem from defects in the unpackdir function, which handles symbolic links. Such defects could lead to arbitrar...
RUSTSEC-2026-0067 `unpack_in` can chmod arbitrary directories by following symlinks
In versions 0.4.44 and below of tar-rs, when unpacking a tar archive, the tar crate's unpackdir function uses fs::metadatafs-metadata to check whether a path that already exists is a directory. Because fs::metadata follows symbolic links, a crafted tarball containing a symlink entry followed by a...