Lucene search
+L
Archive::tar ProjectArchive::tar

5 matches found

CVE
CVE
added 2026/05/26 12:17 a.m.556 views

CVE-2026-42496

CVE-2026-42496 affects the Archive::Tar Perl module, versions prior to 3.08. The vulnerability arises when extracting tar archives: _make_special_file() passes the tar header’s linkname to symlink() without validating against absolute paths or .. segments. The secure-extract mode protecting regul...

9.1CVSS5.8AI score0.0043EPSS
CVE
CVE
added 2018/06/07 1:0 p.m.312 views

CVE-2018-12015

CVE-2018-12015 affects the Archive::Tar module in Perl (up to 5.26.2). The vulnerability lets a crafted tar archive bypass directory-traversal protection and overwrite arbitrary files when a tar contains a symlink and a regular file with the same name. Affected advisories/archives confirm the iss...

7.5CVSS7.6AI score0.07343EPSS
CVE
CVE
added 2007/11/02 4:0 p.m.113 views

CVE-2007-4829

The CVE-2007-4829 entry concerns a directory-traversal flaw in the Archive::Tar Perl module (versions

6.8CVSS6.3AI score0.04322EPSS
CVE
CVE
added 2026/05/26 12:17 a.m.98 views

CVE-2026-42497

Archive::Tar for Perl versions before 3.08 contains a path traversal via hardlinks: _make_special_file() passes the tar header linkname to link() without validating absolute paths or .. segments, allowing a hardlink to attacker-controlled targets outside the extraction directory. A follow-up writ...

7.5CVSS5.8AI score0.00417EPSS
CVE
CVE
added 2026/05/26 12:18 a.m.88 views

CVE-2026-9538

CVE-2026-9538 affects Archive::Tar prior to 3.10 for Perl. A crafted tar header can set a multi‑gigabyte size, causing _read_tar() to allocate a scalar of that size, leading to memory exhaustion. The vulnerability arises from reading entry payloads with a size block derived from the header withou...

7.5CVSS5.8AI score0.00437EPSS