5 matches found
CVE-2026-42496
CVE-2026-42496 affects the Archive::Tar Perl module, versions prior to 3.08. The vulnerability arises when extracting tar archives: _make_special_file() passes the tar header’s linkname to symlink() without validating against absolute paths or .. segments. The secure-extract mode protecting regul...
CVE-2018-12015
CVE-2018-12015 affects the Archive::Tar module in Perl (up to 5.26.2). The vulnerability lets a crafted tar archive bypass directory-traversal protection and overwrite arbitrary files when a tar contains a symlink and a regular file with the same name. Affected advisories/archives confirm the iss...
CVE-2007-4829
The CVE-2007-4829 entry concerns a directory-traversal flaw in the Archive::Tar Perl module (versions
CVE-2026-42497
Archive::Tar for Perl versions before 3.08 contains a path traversal via hardlinks: _make_special_file() passes the tar header linkname to link() without validating absolute paths or .. segments, allowing a hardlink to attacker-controlled targets outside the extraction directory. A follow-up writ...
CVE-2026-9538
CVE-2026-9538 affects Archive::Tar prior to 3.10 for Perl. A crafted tar header can set a multi‑gigabyte size, causing _read_tar() to allocate a scalar of that size, leading to memory exhaustion. The vulnerability arises from reading entry payloads with a size block derived from the header withou...