High severityNVD Advisory· Published Aug 26, 2019· Updated Aug 5, 2024
CVE-2018-20990
CVE-2018-20990
Description
An issue was discovered in the tar crate before 0.4.16 for Rust. Arbitrary file overwrite can occur via a symlink or hardlink in a TAR archive.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
tarcrates.io | < 0.4.16 | 0.4.16 |
Affected products
2- Rust/tar cratedescription
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-2367-c296-3mp2ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2018-20990ghsaADVISORY
- github.com/alexcrichton/tar-rs/commit/54651a87ae6ba7d81fcc72ffdee2ea7eca2c7e85ghsaWEB
- github.com/alexcrichton/tar-rs/pull/156ghsaWEB
- rustsec.org/advisories/RUSTSEC-2018-0002.htmlghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.