
CVE-2018-20990: Arbitrary file overwrite in tar-rs

CVSS Score: 7.5 (CVSS 3.0)

Basic Information

EPSS Score: 0.52847%
Published: 8/25/2021
Updated: 6/13/2023
KEV Status: No
Technology: Rust

Technical Details

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Package Name | Ecosystem | Vulnerable Versions | First Patched Version
tar          | rust      | < 0.4.16            | 0.4.16

Vulnerability Intelligence

Miggo AI Root Cause Analysis

The vulnerability stemmed from two key issues: 1) Inadequate validation of hard link destinations in unpack_in allowed a link to escape the target directory. The commit added validate_inside_dst, which canonicalizes the link target and checks that it lies inside the destination, to address this. 2) The regular-file unpack path did not remove an existing file first, so a symlink or hard link planted by an earlier entry could be written through (symlink/hardlink attacks). The patch added explicit file removal before creation. Both issues are clearly visible in the diff modifying entry.rs's unpack logic and hard link handling.
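The two fixes described above, as an added illustration written for this page rather than taken from tar-rs: validate_inside_dst and unpack_regular_file are this example's own functions modelled on the analysis, and the scenario (victim.txt beside the extraction root, a planted dst/link symlink) is constructed.

```rust
use std::fs;
use std::io::{self, Write};
use std::path::{Path, PathBuf};

// Canonicalize `candidate` and require it to stay under the canonical `dst`,
// modelled on the validate_inside_dst check named above (illustration, not tar-rs code).
fn validate_inside_dst(dst: &Path, candidate: &Path) -> io::Result<PathBuf> {
    let canon_dst = dst.canonicalize()?;
    let canon_candidate = candidate.canonicalize()?;
    if !canon_candidate.starts_with(&canon_dst) {
        let msg = format!("{} is outside {}", canon_candidate.display(), canon_dst.display());
        return Err(io::Error::new(io::ErrorKind::Other, msg));
    }
    Ok(canon_candidate)
}
// Write a regular-file entry without following whatever already sits at `path`:
// remove it first (a symlink/hard link left by an earlier entry would be written through).
fn unpack_regular_file(path: &Path, data: &[u8]) -> io::Result<()> {
    if let Err(e) = fs::remove_file(path) {
        if e.kind() != io::ErrorKind::NotFound {
            return Err(e);
        }
    }
    // create_new (O_EXCL) also refuses anything that reappears at `path` meanwhile.
    let mut f = fs::OpenOptions::new().write(true).create_new(true).open(path)?;
    f.write_all(data)
}

// Constructed scenario (Unix): victim.txt sits beside the extraction root and an earlier
// entry planted dst/link as a symlink to it. Returns (outside refused, inside accepted, victim intact).
fn demo() -> io::Result<(bool, bool, bool)> {
    let base = std::env::temp_dir().join(format!("cve-2018-20990-demo-{}", std::process::id()));
    let dst = base.join("dst");
    fs::create_dir_all(&dst)?;
    let victim = base.join("victim.txt");
    fs::write(&victim, b"original")?;
    fs::write(dst.join("inner.txt"), b"inside")?;
    std::os::unix::fs::symlink(&victim, dst.join("link"))?;
    // A hard-link entry targeting the victim, or the planted symlink (which canonicalizes
    // to the same place), is refused; a target inside dst passes.
    let refused = validate_inside_dst(&dst, &victim).is_err()
        && validate_inside_dst(&dst, &dst.join("link")).is_err();
    let accepted = validate_inside_dst(&dst, &dst.join("inner.txt")).is_ok();
    // A regular-file entry at dst/link replaces the symlink instead of writing through it.
    unpack_regular_file(&dst.join("link"), b"entry data")?;
    let intact = fs::read(&victim)? == b"original"
        && fs::symlink_metadata(dst.join("link"))?.file_type().is_file();
    fs::remove_dir_all(&base)?;
    Ok((refused, accepted, intact))
}
```

Calling demo() returns (true, true, true): the out-of-tree hard link target is refused and the planted symlink is replaced rather than followed, leaving victim.txt unchanged.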

Vulnerable functions


WAF Protection Rules

WAF Rule

When unpacking a tarball with the unpack_in-family of functions it's intended that only files within the specified directory are able to be written. Tarballs with hard links or symlinks, however, can be used to overwrite any file on the filesystem. T
