Nixpkgs security tracker
NIXPKGS-2026-1729
GitHub issue
published 2 weeks, 4 days ago
by @LeSuisse Activity log
- Created suggestion
-
@LeSuisse
ignored
6 packages
- haskellPackages.archive-tar
- perlPackages.ArchiveTarWrapper
- perl540Packages.ArchiveTar
- perl5Packages.ArchiveTarWrapper
- perl538Packages.ArchiveTarWrapper
- perl540Packages.ArchiveTarWrapper
- @LeSuisse restored package perl540Packages.ArchiveTar
- @LeSuisse accepted
- @LeSuisse published on GitHub
Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directory
Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directory. _make_special_file() passes the tar header's linkname to symlink() without validating it against absolute paths or .. segments. The secure-extract mode check that guards regular file extraction does not cover the symlink target. A subsequent open through the extracted name reads or writes the attacker chosen path.
References
Affected products
Archive-Tar
- <3.08
Matching in nixpkgs
pkgs.perlPackages.ArchiveTar
Manipulates TAR archives
pkgs.perl5Packages.ArchiveTar
Manipulates TAR archives
pkgs.perl538Packages.ArchiveTar
None
pkgs.perl540Packages.ArchiveTar
None
Ignored packages (5)
pkgs.haskellPackages.archive-tar
Common interface using the tar package
pkgs.perlPackages.ArchiveTarWrapper
API wrapper around the 'tar' utility
pkgs.perl5Packages.ArchiveTarWrapper
API wrapper around the 'tar' utility
pkgs.perl538Packages.ArchiveTarWrapper
None
pkgs.perl540Packages.ArchiveTarWrapper
None