Search CVE reports


1 – 4 of 4 results


CVE-2026-33056

Medium priority

Some fixes available 4 of 52

tar-rs is a tar archive reading/writing library for Rust. In versions 0.4.44 and below, when unpacking a tar archive, the tar crate's unpack_dir function uses fs::metadata() to check whether a path that already exists is a...

23 affected packages

rust-tar, rustc, rustc-1.62, rustc-1.74, rustc-1.76...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
rust-tar Fixed Fixed Needs evaluation
rustc Needs evaluation Needs evaluation Needs evaluation Needs evaluation
rustc-1.62 Not in release Needs evaluation
rustc-1.74 Needs evaluation Not in release
rustc-1.76 Needs evaluation Needs evaluation Needs evaluation
rustc-1.77 Needs evaluation Needs evaluation Needs evaluation
rustc-1.78 Needs evaluation Needs evaluation Needs evaluation
rustc-1.79 Needs evaluation Needs evaluation Needs evaluation
rustc-1.80 Needs evaluation Needs evaluation Needs evaluation
rustc-1.81 Needs evaluation Needs evaluation
rustc-1.82 Needs evaluation Needs evaluation
rustc-1.83 Needs evaluation Needs evaluation
rustc-1.84 Needs evaluation Needs evaluation
rustc-1.85 Needs evaluation Needs evaluation
rustc-1.88 Not in release Not in release
rustc-1.89 Needs evaluation Needs evaluation
rustc-1.91 Needs evaluation Needs evaluation
rustc-1.92 Not in release Not in release
rustc-1.93 Not in release Not in release
cargo Not in release Needs evaluation Needs evaluation Needs evaluation
rust-cargo-c Needs evaluation Not in release
rust-async-tar Needs evaluation Not in release
rust-astral-tokio-tar Not in release Not in release

CVE-2026-33055

Medium priority
Needs evaluation

tar-rs is a tar archive reading/writing library for Rust. Versions 0.4.44 and below have conditional logic that skips the PAX size header in cases where the base header size is nonzero. As part of CVE-2025-62518,...

1 affected package

rust-tar

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
rust-tar Needs evaluation Needs evaluation Needs evaluation

CVE-2021-38511

Medium priority
Needs evaluation

An issue was discovered in the tar crate before 0.4.36 for Rust. When symlinks are present in a TAR archive, extraction can create arbitrary directories via .. traversal.

1 affected package

rust-tar

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
rust-tar Needs evaluation Needs evaluation Needs evaluation Not in release

CVE-2018-20990

Medium priority
Needs evaluation

An issue was discovered in the tar crate before 0.4.16 for Rust. Arbitrary file overwrite can occur via a symlink or hardlink in a TAR archive.

1 affected package

rust-tar

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
rust-tar Needs evaluation Needs evaluation Needs evaluation Not in release