CNNVD-202509-3800 Information

CNNVD ID

CNNVD-202509-3800

Related CVE

CVE-2025-59343

• CNNVD Published: 2025-09-24

Description (Chinese)

tar-fs是Mathias Buus个人开发者的一款tar-stream的文件系统绑定。 tar-fs 3.1.1之前版本、2.1.3版本和1.16.5版本存在安全漏洞，该漏洞源于可预测目标目录时可能绕过符号链接验证。

Description (English)

Tar-fs is a document system bound by Tar-stream of Mathias Buus personal developers. There is a security loophole in previous versions of tar-fs 3.1.1, Version 2.1.3 and Version 1.16.5, which stems from the possibility of bypassing the symbol link verification when the predictable target catalogue is available.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

个人开发者

Published

2025-09-24

Last Modified

2026-02-24

References

https://github.com/mafintosh/tar-fs/commit/0bd54cdf06da2b7b5b95cd4b062c9f4e0a8c4e09 https://github.com/mafintosh/tar-fs/security/advisories/GHSA-vj76-c3g6-qr5v

Patch

https://github.com/mafintosh/tar-fs/tags