CVE-2018-20990: Arbitrary file overwrite in tar-rs
CVSS Score (v3.0)
7.5
Basic Information
CVE ID
CVE-2018-20990
GHSA ID
EPSS Score
0.52847%
CWE
Published
8/25/2021
Updated
6/13/2023
KEV Status
No
Technology
Rust
Technical Details
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
tar | rust | < 0.4.16 | 0.4.16 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability stemmed from two defects in the unpack logic in entry.rs, both visible in the fixing diff: 1) unpack_in did not check where a hard link's target actually resolved to. A target that lexically stayed under the destination directory could still escape it once a symlink planted by an earlier archive entry was followed. The commit added validate_inside_dst, which compares the canonicalized target path against the canonicalized destination directory and rejects anything that resolves outside it. 2) The regular file unpack path created the output file without first removing whatever already existed at that path, so a symlink or hard link planted by an earlier entry was followed and the file contents were written to the link's target, potentially outside the destination. The patch added explicit removal of any existing file before creating the new one.
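The two checks described above, reimplemented with the Rust standard library as an added example (this is not tar-rs's own code; only the name validate_inside_dst is taken from the advisory, the other function names, the temp-directory layout and the hostile "archive" entries are constructed for the demo). It assumes a Unix host, since it creates symlinks via std::os::unix::fs. The demo plants a symlink escaping the destination, shows that a plain File::create follows it and overwrites a file outside the destination, and that the hardened path (unlink, then create_new) and the canonicalization check each stop the escape.

```rust
// Added example, not tar-rs code. Assumes a Unix host (symlinks via std::os::unix::fs).
use std::fs::{self, File, OpenOptions};
use std::io::{self, Write};
use std::os::unix::fs::symlink;
use std::path::{Path, PathBuf};

/// Check modelled on the fix's validate_inside_dst: resolve the parent directory of
/// the path an entry wants to touch and refuse it unless the resolved parent still
/// lies below the resolved extraction root. Canonicalizing follows any symlink an
/// earlier entry planted, which a purely lexical check on the entry name would miss.
pub fn validate_inside_dst(dst: &Path, file_dst: &Path) -> io::Result<PathBuf> {
    let parent = file_dst
        .parent()
        .ok_or_else(|| io::Error::new(io::ErrorKind::Other, "entry path has no parent"))?;
    let name = file_dst
        .file_name()
        .ok_or_else(|| io::Error::new(io::ErrorKind::Other, "entry path has no file name"))?;
    let canon_parent = parent.canonicalize()?;
    let canon_dst = dst.canonicalize()?;
    if !canon_parent.starts_with(&canon_dst) {
        return Err(io::Error::new(
            io::ErrorKind::Other,
            format!("trying to unpack outside of destination path: {}", canon_dst.display()),
        ));
    }
    Ok(canon_parent.join(name))
}

/// Vulnerable pattern: File::create follows an existing symlink at `path`,
/// so a link planted by an earlier archive entry redirects the write.
pub fn write_regular_file_naive(path: &Path, data: &[u8]) -> io::Result<()> {
    File::create(path)?.write_all(data)
}

/// Hardened pattern (what the patch did): unlink whatever is already at `path`
/// before creating. create_new (O_CREAT|O_EXCL) additionally fails instead of
/// following if a link reappears between the unlink and the create.
pub fn write_regular_file_hardened(path: &Path, data: &[u8]) -> io::Result<()> {
    match fs::remove_file(path) {
        Ok(()) => {}
        Err(e) if e.kind() == io::ErrorKind::NotFound => {}
        Err(e) => return Err(e),
    }
    OpenOptions::new().write(true).create_new(true).open(path)?.write_all(data)
}

/// Constructed scenario: a hostile archive first drops `dst/link -> ../outside/target`
/// and `dst/escape -> ../outside`, then a regular file entry named `link` and a hard
/// link entry whose target is `escape/newfile`. Returns
/// (path check rejected the escape and accepted a normal entry,
///  naive write landed outside dst,
///  hardened write stayed inside dst).
pub fn run_demo() -> io::Result<(bool, bool, bool)> {
    let base = std::env::temp_dir()
        .join(format!("tar_rs_cve_2018_20990_demo_{}", std::process::id()));
    let _ = fs::remove_dir_all(&base);
    let dst = base.join("dst");
    let outside = base.join("outside");
    fs::create_dir_all(&dst)?;
    fs::create_dir_all(&outside)?;
    let victim = outside.join("target");
    fs::write(&victim, b"original")?;

    // Entries 1 and 2: symlinks inside dst pointing outside it.
    let link = dst.join("link");
    symlink(Path::new("../outside/target"), &link)?;
    let escape_dir = dst.join("escape");
    symlink(Path::new("../outside"), &escape_dir)?;

    // Hard link target "escape/newfile" is lexically under dst, but resolves to
    // `outside`, so the canonicalization check must reject it; a plain entry passes.
    let rejected = validate_inside_dst(&dst, &escape_dir.join("newfile")).is_err();
    let accepted = validate_inside_dst(&dst, &dst.join("plain.txt")).is_ok();

    // Entry 3: a regular file named "link". Naive unpack writes through the symlink.
    write_regular_file_naive(&link, b"overwritten")?;
    let naive_escaped = fs::read(&victim)? == b"overwritten".to_vec();

    // Reset the victim, replant the link, and unpack with the hardened routine.
    fs::write(&victim, b"original")?;
    let _ = fs::remove_file(&link);
    symlink(Path::new("../outside/target"), &link)?;
    write_regular_file_hardened(&link, b"safe")?;
    let hardened_ok = fs::read(&victim)? == b"original".to_vec()
        && fs::read(&link)? == b"safe".to_vec()
        && !fs::symlink_metadata(&link)?.file_type().is_symlink();

    fs::remove_dir_all(&base)?;
    Ok((rejected && accepted, naive_escaped, hardened_ok))
}

fn main() -> io::Result<()> {
    let (check_ok, naive_escaped, hardened_ok) = run_demo()?;
    println!("canonicalized path check rejects escaping target: {}", check_ok);
    println!("naive File::create followed planted symlink: {}", naive_escaped);
    println!("remove-then-create kept write inside dst: {}", hardened_ok);
    Ok(())
}
```

The ordering matters: the check has to run on the canonicalized parent, after earlier entries have already been unpacked, because that is when the planted symlink exists to be followed. A lexical check on the entry name at archive-parsing time would pass both hostile entries here.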