Nixpkgs security tracker
NIXPKGS-2026-1729
GitHub issue
published on
by @LeSuisse Activity log
- Created suggestion
-
@LeSuisse
ignored
6 packages
- haskellPackages.archive-tar
- perlPackages.ArchiveTarWrapper
- perl540Packages.ArchiveTar
- perl5Packages.ArchiveTarWrapper
- perl538Packages.ArchiveTarWrapper
- perl540Packages.ArchiveTarWrapper
- @LeSuisse restored package perl540Packages.ArchiveTar
- @LeSuisse accepted
- @LeSuisse published on GitHub
Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directory
Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directory. _make_special_file() passes the tar header's linkname to symlink() without validating it against absolute paths or .. segments. The secure-extract mode check that guards regular file extraction does not cover the symlink target. A subsequent open through the extracted name reads or writes the attacker chosen path.
References
Affected products
Archive-Tar
- <3.08
Matching in nixpkgs
pkgs.perlPackages.ArchiveTar
Manipulates TAR archives
pkgs.perl5Packages.ArchiveTar
Manipulates TAR archives
pkgs.perl538Packages.ArchiveTar
Manipulates TAR archives
pkgs.perl540Packages.ArchiveTar
Manipulates TAR archives
Ignored packages (5)
pkgs.haskellPackages.archive-tar
Common interface using the tar package
pkgs.perlPackages.ArchiveTarWrapper
API wrapper around the 'tar' utility
pkgs.perl5Packages.ArchiveTarWrapper
API wrapper around the 'tar' utility
pkgs.perl538Packages.ArchiveTarWrapper
API wrapper around the 'tar' utility
pkgs.perl540Packages.ArchiveTarWrapper
API wrapper around the 'tar' utility