Fluid Attacks Database

Description

Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directory. _make_special_file() passes the tar header's linkname to symlink() without validating it against absolute paths or .. segments. The secure-extract mode check that guards regular file extraction does not cover the symlink target. A subsequent open through the extracted name reads or writes the attacker chosen path.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version
debian 12	perl	=5.36.0-10 \|\| =5.36.0-7 \|\| =5.36.0-7+deb12u1 \|\| =5.36.0-7+deb12u2 \|\| =5.36.0-7+deb12u3 \|\| =5.36.0-8 \|\| =5.36.0-9 \|\| =5.38.0-1 \|\| =5.38.0-2 \|\| =5.38.0~rc2-1 \|\| =5.38.2-1 \|\| =5.38.2-2 \|\| =5.38.2-3 \|\| =5.38.2-3.1 \|\| =5.38.2-3.2 \|\| =5.38.2-3.2+hurd.1 \|\| =5.38.2-4 \|\| =5.38.2-5 \|\| =5.40.0-1 \|\| =5.40.0-2 \|\| =5.40.0-3 \|\| =5.40.0-4 \|\| =5.40.0-5 \|\| =5.40.0-6 \|\| =5.40.0-7 \|\| =5.40.0-8 \|\| =5.40.0~rc1-1 \|\| =5.40.1-1 \|\| =5.40.1-2 \|\| =5.40.1-3 \|\| =5.40.1-4 \|\| =5.40.1-5 \|\| =5.40.1-6 \|\| =5.40.1-7 \|\| =5.42.0-1 \|\| =5.42.0-2 \|\| =5.42.0-3 \|\| =5.42.2-1
debian 11	perl	=5.32.1-4 \|\| =5.32.1-4+deb11u1 \|\| =5.32.1-4+deb11u2 \|\| =5.32.1-4+deb11u3 \|\| =5.32.1-4+deb11u4 \|\| =5.32.1-4+deb11u5 \|\| =5.32.1-5 \|\| =5.32.1-6 \|\| =5.34.0-1 \|\| =5.34.0-2 \|\| =5.34.0-3 \|\| =5.34.0-4 \|\| =5.34.0-5 \|\| =5.34.0~rc2-1 \|\| =5.36.0-1 \|\| =5.36.0-10 \|\| =5.36.0-2 \|\| =5.36.0-3 \|\| =5.36.0-4 \|\| =5.36.0-5 \|\| =5.36.0-6 \|\| =5.36.0-7 \|\| =5.36.0-8 \|\| =5.36.0-9 \|\| =5.38.0-1 \|\| =5.38.0-2 \|\| =5.38.0~rc2-1 \|\| =5.38.2-1 \|\| =5.38.2-2 \|\| =5.38.2-3 \|\| =5.38.2-3.1 \|\| =5.38.2-3.2 \|\| =5.38.2-3.2+hurd.1 \|\| =5.38.2-4 \|\| =5.38.2-5 \|\| =5.40.0-1 \|\| =5.40.0-2 \|\| =5.40.0-3 \|\| =5.40.0-4 \|\| =5.40.0-5 \|\| =5.40.0-6 \|\| =5.40.0-7 \|\| =5.40.0-8 \|\| =5.40.0~rc1-1 \|\| =5.40.1-1 \|\| =5.40.1-2 \|\| =5.40.1-3 \|\| =5.40.1-4 \|\| =5.40.1-5 \|\| =5.40.1-6 \|\| =5.40.1-7 \|\| =5.42.0-1 \|\| =5.42.0-2 \|\| =5.42.0-3 \|\| =5.42.2-1
debian 14	perl	=5.40.1-6 \|\| =5.40.1-7 \|\| =5.42.0-1 \|\| =5.42.0-2 \|\| =5.42.0-3 \|\| =5.42.2-1
debian 13	perl	=5.40.1-6 \|\| =5.40.1-7 \|\| =5.42.0-1 \|\| =5.42.0-2 \|\| =5.42.0-3 \|\| =5.42.2-1
rpm rhel10	perl-Archive-Tar	-
rpm rhel7	perl-Archive-Tar	-
rpm rhel9	perl-Archive-Tar	-
rpm rhel8	perl-Archive-Tar	-

Aliases

1. CVE-2026-424962. NVD-2026-424963. OSV-DEBIAN-2026-424964. OSV-2026-424965. SECURITY-TRACKER-CVE-2026-42496

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.