Search
Find a vulnerability
Search criteria
8 vulnerabilities by BINGOS
CVE-2011-10043 (GCVE-0-2011-10043)
Vulnerability from nvd – Published: 2026-07-07 11:46 – Updated: 2026-07-07 16:04
VLAI
EPSS
VEX
Title
Module::Load versions before 0.22 for Perl allow arbitrary modules outside of @INC to be loaded
Summary
Module::Load versions before 0.22 for Perl allow arbitrary modules outside of @INC to be loaded.
Module names starting with "::" could be passed to the load function to specify arbitrary module paths.
Attackers able to influence module names passed to load could use that bug to execute arbitrary code.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-145 - Improper Neutralization of Section Delimiters
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://blogs.perl.org/users/michael_g_schwern/20… | technical-description |
| https://metacpan.org/release/BINGOS/Module-Load-0… | |
| https://metacpan.org/release/BINGOS/Module-Load-0… | release-notes |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| BINGOS | Module::Load |
Affected:
0 , < 0.22
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2011-10043",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-07T16:04:25.108284Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-07T16:04:29.197Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://cpan.org/modules",
"defaultStatus": "unaffected",
"packageName": "Module-Load",
"product": "Module::Load",
"programFiles": [
"lib/Module/Load.pm"
],
"programRoutines": [
{
"name": "Module::Load::_to_file"
}
],
"repo": "https://github.com/jib/module-load",
"vendor": "BINGOS",
"versions": [
{
"lessThan": "0.22",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Module::Load versions before 0.22 for Perl allow arbitrary modules outside of @INC to be loaded.\n\nModule names starting with \"::\" could be passed to the load function to specify arbitrary module paths.\n\nAttackers able to influence module names passed to load could use that bug to execute arbitrary code."
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-145",
"description": "CWE-145 Improper Neutralization of Section Delimiters",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-07T11:46:13.575Z",
"orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"shortName": "CPANSec"
},
"references": [
{
"tags": [
"technical-description"
],
"url": "https://blogs.perl.org/users/michael_g_schwern/2011/10/how-not-to-load-a-module-or-bad-interfaces-make-good-people-do-bad-things.html"
},
{
"url": "https://metacpan.org/release/BINGOS/Module-Load-0.22/diff/BINGOS/Module-Load-0.20/lib/Module/Load.pm"
},
{
"tags": [
"release-notes"
],
"url": "https://metacpan.org/release/BINGOS/Module-Load-0.22/changes"
}
],
"solutions": [
{
"lang": "en",
"value": "If you are using Perl v5.15.3 or earlier, then upgrade to Module::Load 0.22 or later.\n\nPerl versions after v5.15.4 include newer versions of Module::Load that fix this issue."
}
],
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2011-10-02T00:00:00.000Z",
"value": "General issue identified by Michael G Schwern in blog post."
},
{
"lang": "en",
"time": "2011-10-04T00:00:00.000Z",
"value": "Module::Load 0.22 released."
},
{
"lang": "en",
"time": "2011-10-20T00:00:00.000Z",
"value": "Perl v5.15.4 released with Module::Load 0.22."
}
],
"title": "Module::Load versions before 0.22 for Perl allow arbitrary modules outside of @INC to be loaded",
"x_generator": {
"engine": "cpansec-cna-tool 0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"assignerShortName": "CPANSec",
"cveId": "CVE-2011-10043",
"datePublished": "2026-07-07T11:46:13.575Z",
"dateReserved": "2026-07-05T11:47:35.949Z",
"dateUpdated": "2026-07-07T16:04:29.197Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-9538 (GCVE-0-2026-9538)
Vulnerability from nvd – Published: 2026-05-26 00:18 – Updated: 2026-05-28 13:16
VLAI
EPSS
VEX
Title
Archive::Tar versions before 3.10 for Perl allow memory exhaustion via attacker controlled entry size field in tar header
Summary
Archive::Tar versions before 3.10 for Perl allow memory exhaustion via attacker controlled entry size field in tar header.
_read_tar() reads each entry's payload with $handle->read($$data, $block), where $block is derived from the entry's 12-byte size field in the tar header with no upper bound on that value.
A crafted header declaring a multi-gigabyte size causes Perl to allocate a scalar of that size.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-789 - Memory Allocation with Excessive Size Value
Assigner
References
3 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| BINGOS | Archive::Tar |
Affected:
0 , < 3.10
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-05-26T03:06:03.290Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/05/26/4"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-9538",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-28T13:16:04.042321Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-28T13:16:08.447Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://cpan.org/modules",
"defaultStatus": "unaffected",
"packageName": "Archive-Tar",
"product": "Archive::Tar",
"programFiles": [
"lib/Archive/Tar.pm"
],
"programRoutines": [
{
"name": "Archive::Tar::_read_tar"
}
],
"repo": "https://github.com/jib/archive-tar-new",
"vendor": "BINGOS",
"versions": [
{
"lessThan": "3.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Archive::Tar versions before 3.10 for Perl allow memory exhaustion via attacker controlled entry size field in tar header.\n\n_read_tar() reads each entry\u0027s payload with $handle-\u003eread($$data, $block), where $block is derived from the entry\u0027s 12-byte size field in the tar header with no upper bound on that value.\n\nA crafted header declaring a multi-gigabyte size causes Perl to allocate a scalar of that size."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-789",
"description": "CWE-789 Memory Allocation with Excessive Size Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-26T00:18:43.704Z",
"orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"shortName": "CPANSec"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/jib/archive-tar-new/commit/f9af01426038e29d9578825a0cd3626946ab08c7.patch"
},
{
"tags": [
"release-notes"
],
"url": "https://metacpan.org/release/BINGOS/Archive-Tar-3.10/changes"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to Archive::Tar 3.10 or later."
}
],
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2026-05-25T00:00:00.000Z",
"value": "Issue reported."
},
{
"lang": "en",
"time": "2026-05-25T00:00:00.000Z",
"value": "Version 3.10 released."
}
],
"title": "Archive::Tar versions before 3.10 for Perl allow memory exhaustion via attacker controlled entry size field in tar header",
"x_generator": {
"engine": "cpansec-cna-tool 0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"assignerShortName": "CPANSec",
"cveId": "CVE-2026-9538",
"datePublished": "2026-05-26T00:18:43.704Z",
"dateReserved": "2026-05-25T23:04:04.116Z",
"dateUpdated": "2026-05-28T13:16:08.447Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-42497 (GCVE-0-2026-42497)
Vulnerability from nvd – Published: 2026-05-26 00:17 – Updated: 2026-05-28 13:14
VLAI
EPSS
VEX
Title
Archive::Tar versions before 3.08 for Perl extract hardlinks to attacker controlled paths outside the extraction directory
Summary
Archive::Tar versions before 3.08 for Perl extract hardlinks to attacker controlled paths outside the extraction directory.
_make_special_file() passes the tar header's linkname to link() without validating it against absolute paths or .. segments, creating a hardlink that shares the victim file's inode.
A subsequent write through the extracted name modifies the victim file, and the post-extraction chmod, chown, and utime block in _extract_file() (guarded only against symlinks via -l) applies the tar header's mode, owner, and timestamps to the shared inode during extraction alone.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/jib/archive-tar-new/commit/17c… | patch |
| https://metacpan.org/release/BINGOS/Archive-Tar-3… | release-notes |
| https://www.cve.org/CVERecord?id=CVE-2026-42496 | related |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| BINGOS | Archive::Tar |
Affected:
0 , < 3.08
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-42497",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-28T13:13:55.750345Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-28T13:14:01.484Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://cpan.org/modules",
"defaultStatus": "unaffected",
"packageName": "Archive-Tar",
"product": "Archive::Tar",
"programFiles": [
"lib/Archive/Tar.pm"
],
"programRoutines": [
{
"name": "Archive::Tar::_make_special_file"
},
{
"name": "Archive::Tar::_extract_file"
}
],
"repo": "https://github.com/jib/archive-tar-new",
"vendor": "BINGOS",
"versions": [
{
"lessThan": "3.08",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Archive::Tar versions before 3.08 for Perl extract hardlinks to attacker controlled paths outside the extraction directory.\n\n_make_special_file() passes the tar header\u0027s linkname to link() without validating it against absolute paths or .. segments, creating a hardlink that shares the victim file\u0027s inode.\n\nA subsequent write through the extracted name modifies the victim file, and the post-extraction chmod, chown, and utime block in _extract_file() (guarded only against symlinks via -l) applies the tar header\u0027s mode, owner, and timestamps to the shared inode during extraction alone."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-26T00:17:50.656Z",
"orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"shortName": "CPANSec"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/jib/archive-tar-new/commit/17c873492a05eddc0de18c1485e0b2cccd5a9158.patch"
},
{
"tags": [
"release-notes"
],
"url": "https://metacpan.org/release/BINGOS/Archive-Tar-3.08/changes"
},
{
"tags": [
"related"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42496"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to Archive::Tar 3.08 or later."
}
],
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2026-04-12T00:00:00.000Z",
"value": "Issue reported."
},
{
"lang": "en",
"time": "2026-05-10T00:00:00.000Z",
"value": "Version 3.06 released, disabling hardlink extraction by default."
},
{
"lang": "en",
"time": "2026-05-22T00:00:00.000Z",
"value": "Version 3.08 released."
}
],
"title": "Archive::Tar versions before 3.08 for Perl extract hardlinks to attacker controlled paths outside the extraction directory",
"x_generator": {
"engine": "cpansec-cna-tool 0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"assignerShortName": "CPANSec",
"cveId": "CVE-2026-42497",
"datePublished": "2026-05-26T00:17:50.656Z",
"dateReserved": "2026-04-27T18:34:48.417Z",
"dateUpdated": "2026-05-28T13:14:01.484Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-42496 (GCVE-0-2026-42496)
Vulnerability from nvd – Published: 2026-05-26 00:17 – Updated: 2026-06-30 03:15
VLAI
EPSS
VEX
Title
Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directory
Summary
Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directory.
_make_special_file() passes the tar header's linkname to symlink() without validating it against absolute paths or .. segments. The secure-extract mode check that guards regular file extraction does not cover the symlink target.
A subsequent open through the extracted name reads or writes the attacker chosen path.
Severity
9.1 (Critical)
8.2 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
10 references
| URL | Tags |
|---|---|
| https://github.com/jib/archive-tar-new/commit/17c… | patch |
| https://metacpan.org/release/BINGOS/Archive-Tar-3… | release-notes |
| https://www.cve.org/CVERecord?id=CVE-2026-42497 | related |
| https://access.redhat.com/security/cve/CVE-2026-42496 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2481314 | issue-trackingx_refsource_REDHAT |
| https://security.access.redhat.com/data/csaf/v2/v… | x_sadp-csaf-vex |
| https://access.redhat.com/errata/RHSA-2026:30857 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:30851 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:30856 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:30852 | vendor-advisoryx_refsource_REDHAT |
Impacted products
6 products
| Vendor | Product | Version | |
|---|---|---|---|
| BINGOS | Archive::Tar |
Affected:
0 , < 3.08
(custom)
|
|
| Red Hat | Red Hat Enterprise Linux AppStream (v. 10) |
cpe:/o:redhat:enterprise_linux:10.2 |
|
| Red Hat | Red Hat Enterprise Linux AppStream (v. 8) |
cpe:/a:redhat:enterprise_linux:8::appstream |
|
| Red Hat | Red Hat Enterprise Linux AppStream (v. 9) |
cpe:/a:redhat:enterprise_linux:9::appstream |
|
| Red Hat | Red Hat Enterprise Linux BaseOS (v. 8) |
cpe:/o:redhat:enterprise_linux:8::baseos |
|
| Red Hat | Red Hat Enterprise Linux 7 |
cpe:/o:redhat:enterprise_linux:7 |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-42496",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-28T13:08:28.377579Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-28T13:08:37.326Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.2"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream (v. 10)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream (v. 8)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream (v. 9)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:8::baseos"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux BaseOS (v. 8)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
}
],
"datePublic": "2026-05-26T00:17:19.110Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in perl-Archive-Tar. Versions before 3.08 for Perl are vulnerable to a path traversal issue. An attacker can craft a malicious tar archive containing symlinks with targets outside the intended extraction directory. This vulnerability allows the attacker to read or write to arbitrary files on the system, leading to potential information disclosure or data corruption."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-30T03:15:54.938Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-42496"
},
{
"name": "RHBZ#2481314",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2481314"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-42496.json"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:30857"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:30851"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:30856"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:30852"
}
],
"solutions": [
{
"lang": "en",
"value": "RHSA-2026:30857: Red Hat Enterprise Linux AppStream (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:30851: Red Hat Enterprise Linux AppStream (v. 8)"
},
{
"lang": "en",
"value": "RHSA-2026:30856: Red Hat Enterprise Linux AppStream (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:30852: Red Hat Enterprise Linux BaseOS (v. 8)"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-26T02:00:52.414Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-05-26T00:17:19.110Z",
"value": "Made public."
}
],
"title": "perl-archive-tar: perl-archive-tar: Path traversal via crafted symlinks allows arbitrary file access",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"collectionURL": "https://cpan.org/modules",
"defaultStatus": "unaffected",
"packageName": "Archive-Tar",
"product": "Archive::Tar",
"programFiles": [
"lib/Archive/Tar.pm"
],
"programRoutines": [
{
"name": "Archive::Tar::_make_special_file"
}
],
"repo": "https://github.com/jib/archive-tar-new",
"vendor": "BINGOS",
"versions": [
{
"lessThan": "3.08",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directory.\n\n_make_special_file() passes the tar header\u0027s linkname to symlink() without validating it against absolute paths or .. segments. The secure-extract mode check that guards regular file extraction does not cover the symlink target.\n\nA subsequent open through the extracted name reads or writes the attacker chosen path."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-26T00:17:19.110Z",
"orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"shortName": "CPANSec"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/jib/archive-tar-new/commit/17c873492a05eddc0de18c1485e0b2cccd5a9158.patch"
},
{
"tags": [
"release-notes"
],
"url": "https://metacpan.org/release/BINGOS/Archive-Tar-3.08/changes"
},
{
"tags": [
"related"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42497"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to Archive::Tar 3.08 or later."
}
],
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2026-04-12T00:00:00.000Z",
"value": "Issue reported."
},
{
"lang": "en",
"time": "2026-05-22T00:00:00.000Z",
"value": "Version 3.08 released."
}
],
"title": "Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directory",
"x_generator": {
"engine": "cpansec-cna-tool 0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"assignerShortName": "CPANSec",
"cveId": "CVE-2026-42496",
"datePublished": "2026-05-26T00:17:19.110Z",
"dateReserved": "2026-04-27T18:34:48.417Z",
"dateUpdated": "2026-06-30T03:15:54.938Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2011-10043 (GCVE-0-2011-10043)
Vulnerability from cvelistv5 – Published: 2026-07-07 11:46 – Updated: 2026-07-07 16:04
VLAI
EPSS
VEX
Title
Module::Load versions before 0.22 for Perl allow arbitrary modules outside of @INC to be loaded
Summary
Module::Load versions before 0.22 for Perl allow arbitrary modules outside of @INC to be loaded.
Module names starting with "::" could be passed to the load function to specify arbitrary module paths.
Attackers able to influence module names passed to load could use that bug to execute arbitrary code.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-145 - Improper Neutralization of Section Delimiters
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://blogs.perl.org/users/michael_g_schwern/20… | technical-description |
| https://metacpan.org/release/BINGOS/Module-Load-0… | |
| https://metacpan.org/release/BINGOS/Module-Load-0… | release-notes |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| BINGOS | Module::Load |
Affected:
0 , < 0.22
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2011-10043",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-07T16:04:25.108284Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-07T16:04:29.197Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://cpan.org/modules",
"defaultStatus": "unaffected",
"packageName": "Module-Load",
"product": "Module::Load",
"programFiles": [
"lib/Module/Load.pm"
],
"programRoutines": [
{
"name": "Module::Load::_to_file"
}
],
"repo": "https://github.com/jib/module-load",
"vendor": "BINGOS",
"versions": [
{
"lessThan": "0.22",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Module::Load versions before 0.22 for Perl allow arbitrary modules outside of @INC to be loaded.\n\nModule names starting with \"::\" could be passed to the load function to specify arbitrary module paths.\n\nAttackers able to influence module names passed to load could use that bug to execute arbitrary code."
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-145",
"description": "CWE-145 Improper Neutralization of Section Delimiters",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-07T11:46:13.575Z",
"orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"shortName": "CPANSec"
},
"references": [
{
"tags": [
"technical-description"
],
"url": "https://blogs.perl.org/users/michael_g_schwern/2011/10/how-not-to-load-a-module-or-bad-interfaces-make-good-people-do-bad-things.html"
},
{
"url": "https://metacpan.org/release/BINGOS/Module-Load-0.22/diff/BINGOS/Module-Load-0.20/lib/Module/Load.pm"
},
{
"tags": [
"release-notes"
],
"url": "https://metacpan.org/release/BINGOS/Module-Load-0.22/changes"
}
],
"solutions": [
{
"lang": "en",
"value": "If you are using Perl v5.15.3 or earlier, then upgrade to Module::Load 0.22 or later.\n\nPerl versions after v5.15.4 include newer versions of Module::Load that fix this issue."
}
],
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2011-10-02T00:00:00.000Z",
"value": "General issue identified by Michael G Schwern in blog post."
},
{
"lang": "en",
"time": "2011-10-04T00:00:00.000Z",
"value": "Module::Load 0.22 released."
},
{
"lang": "en",
"time": "2011-10-20T00:00:00.000Z",
"value": "Perl v5.15.4 released with Module::Load 0.22."
}
],
"title": "Module::Load versions before 0.22 for Perl allow arbitrary modules outside of @INC to be loaded",
"x_generator": {
"engine": "cpansec-cna-tool 0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"assignerShortName": "CPANSec",
"cveId": "CVE-2011-10043",
"datePublished": "2026-07-07T11:46:13.575Z",
"dateReserved": "2026-07-05T11:47:35.949Z",
"dateUpdated": "2026-07-07T16:04:29.197Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-9538 (GCVE-0-2026-9538)
Vulnerability from cvelistv5 – Published: 2026-05-26 00:18 – Updated: 2026-05-28 13:16
VLAI
EPSS
VEX
Title
Archive::Tar versions before 3.10 for Perl allow memory exhaustion via attacker controlled entry size field in tar header
Summary
Archive::Tar versions before 3.10 for Perl allow memory exhaustion via attacker controlled entry size field in tar header.
_read_tar() reads each entry's payload with $handle->read($$data, $block), where $block is derived from the entry's 12-byte size field in the tar header with no upper bound on that value.
A crafted header declaring a multi-gigabyte size causes Perl to allocate a scalar of that size.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-789 - Memory Allocation with Excessive Size Value
Assigner
References
3 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| BINGOS | Archive::Tar |
Affected:
0 , < 3.10
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-05-26T03:06:03.290Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/05/26/4"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-9538",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-28T13:16:04.042321Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-28T13:16:08.447Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://cpan.org/modules",
"defaultStatus": "unaffected",
"packageName": "Archive-Tar",
"product": "Archive::Tar",
"programFiles": [
"lib/Archive/Tar.pm"
],
"programRoutines": [
{
"name": "Archive::Tar::_read_tar"
}
],
"repo": "https://github.com/jib/archive-tar-new",
"vendor": "BINGOS",
"versions": [
{
"lessThan": "3.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Archive::Tar versions before 3.10 for Perl allow memory exhaustion via attacker controlled entry size field in tar header.\n\n_read_tar() reads each entry\u0027s payload with $handle-\u003eread($$data, $block), where $block is derived from the entry\u0027s 12-byte size field in the tar header with no upper bound on that value.\n\nA crafted header declaring a multi-gigabyte size causes Perl to allocate a scalar of that size."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-789",
"description": "CWE-789 Memory Allocation with Excessive Size Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-26T00:18:43.704Z",
"orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"shortName": "CPANSec"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/jib/archive-tar-new/commit/f9af01426038e29d9578825a0cd3626946ab08c7.patch"
},
{
"tags": [
"release-notes"
],
"url": "https://metacpan.org/release/BINGOS/Archive-Tar-3.10/changes"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to Archive::Tar 3.10 or later."
}
],
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2026-05-25T00:00:00.000Z",
"value": "Issue reported."
},
{
"lang": "en",
"time": "2026-05-25T00:00:00.000Z",
"value": "Version 3.10 released."
}
],
"title": "Archive::Tar versions before 3.10 for Perl allow memory exhaustion via attacker controlled entry size field in tar header",
"x_generator": {
"engine": "cpansec-cna-tool 0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"assignerShortName": "CPANSec",
"cveId": "CVE-2026-9538",
"datePublished": "2026-05-26T00:18:43.704Z",
"dateReserved": "2026-05-25T23:04:04.116Z",
"dateUpdated": "2026-05-28T13:16:08.447Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-42497 (GCVE-0-2026-42497)
Vulnerability from cvelistv5 – Published: 2026-05-26 00:17 – Updated: 2026-05-28 13:14
VLAI
EPSS
VEX
Title
Archive::Tar versions before 3.08 for Perl extract hardlinks to attacker controlled paths outside the extraction directory
Summary
Archive::Tar versions before 3.08 for Perl extract hardlinks to attacker controlled paths outside the extraction directory.
_make_special_file() passes the tar header's linkname to link() without validating it against absolute paths or .. segments, creating a hardlink that shares the victim file's inode.
A subsequent write through the extracted name modifies the victim file, and the post-extraction chmod, chown, and utime block in _extract_file() (guarded only against symlinks via -l) applies the tar header's mode, owner, and timestamps to the shared inode during extraction alone.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/jib/archive-tar-new/commit/17c… | patch |
| https://metacpan.org/release/BINGOS/Archive-Tar-3… | release-notes |
| https://www.cve.org/CVERecord?id=CVE-2026-42496 | related |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| BINGOS | Archive::Tar |
Affected:
0 , < 3.08
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-42497",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-28T13:13:55.750345Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-28T13:14:01.484Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://cpan.org/modules",
"defaultStatus": "unaffected",
"packageName": "Archive-Tar",
"product": "Archive::Tar",
"programFiles": [
"lib/Archive/Tar.pm"
],
"programRoutines": [
{
"name": "Archive::Tar::_make_special_file"
},
{
"name": "Archive::Tar::_extract_file"
}
],
"repo": "https://github.com/jib/archive-tar-new",
"vendor": "BINGOS",
"versions": [
{
"lessThan": "3.08",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Archive::Tar versions before 3.08 for Perl extract hardlinks to attacker controlled paths outside the extraction directory.\n\n_make_special_file() passes the tar header\u0027s linkname to link() without validating it against absolute paths or .. segments, creating a hardlink that shares the victim file\u0027s inode.\n\nA subsequent write through the extracted name modifies the victim file, and the post-extraction chmod, chown, and utime block in _extract_file() (guarded only against symlinks via -l) applies the tar header\u0027s mode, owner, and timestamps to the shared inode during extraction alone."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-26T00:17:50.656Z",
"orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"shortName": "CPANSec"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/jib/archive-tar-new/commit/17c873492a05eddc0de18c1485e0b2cccd5a9158.patch"
},
{
"tags": [
"release-notes"
],
"url": "https://metacpan.org/release/BINGOS/Archive-Tar-3.08/changes"
},
{
"tags": [
"related"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42496"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to Archive::Tar 3.08 or later."
}
],
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2026-04-12T00:00:00.000Z",
"value": "Issue reported."
},
{
"lang": "en",
"time": "2026-05-10T00:00:00.000Z",
"value": "Version 3.06 released, disabling hardlink extraction by default."
},
{
"lang": "en",
"time": "2026-05-22T00:00:00.000Z",
"value": "Version 3.08 released."
}
],
"title": "Archive::Tar versions before 3.08 for Perl extract hardlinks to attacker controlled paths outside the extraction directory",
"x_generator": {
"engine": "cpansec-cna-tool 0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"assignerShortName": "CPANSec",
"cveId": "CVE-2026-42497",
"datePublished": "2026-05-26T00:17:50.656Z",
"dateReserved": "2026-04-27T18:34:48.417Z",
"dateUpdated": "2026-05-28T13:14:01.484Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-42496 (GCVE-0-2026-42496)
Vulnerability from cvelistv5 – Published: 2026-05-26 00:17 – Updated: 2026-06-30 03:15
VLAI
EPSS
VEX
Title
Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directory
Summary
Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directory.
_make_special_file() passes the tar header's linkname to symlink() without validating it against absolute paths or .. segments. The secure-extract mode check that guards regular file extraction does not cover the symlink target.
A subsequent open through the extracted name reads or writes the attacker chosen path.
Severity
9.1 (Critical)
8.2 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
10 references
| URL | Tags |
|---|---|
| https://github.com/jib/archive-tar-new/commit/17c… | patch |
| https://metacpan.org/release/BINGOS/Archive-Tar-3… | release-notes |
| https://www.cve.org/CVERecord?id=CVE-2026-42497 | related |
| https://access.redhat.com/security/cve/CVE-2026-42496 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2481314 | issue-trackingx_refsource_REDHAT |
| https://security.access.redhat.com/data/csaf/v2/v… | x_sadp-csaf-vex |
| https://access.redhat.com/errata/RHSA-2026:30857 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:30851 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:30856 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:30852 | vendor-advisoryx_refsource_REDHAT |
Impacted products
6 products
| Vendor | Product | Version | |
|---|---|---|---|
| BINGOS | Archive::Tar |
Affected:
0 , < 3.08
(custom)
|
|
| Red Hat | Red Hat Enterprise Linux AppStream (v. 10) |
cpe:/o:redhat:enterprise_linux:10.2 |
|
| Red Hat | Red Hat Enterprise Linux AppStream (v. 8) |
cpe:/a:redhat:enterprise_linux:8::appstream |
|
| Red Hat | Red Hat Enterprise Linux AppStream (v. 9) |
cpe:/a:redhat:enterprise_linux:9::appstream |
|
| Red Hat | Red Hat Enterprise Linux BaseOS (v. 8) |
cpe:/o:redhat:enterprise_linux:8::baseos |
|
| Red Hat | Red Hat Enterprise Linux 7 |
cpe:/o:redhat:enterprise_linux:7 |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-42496",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-28T13:08:28.377579Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-28T13:08:37.326Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.2"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream (v. 10)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream (v. 8)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream (v. 9)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:8::baseos"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux BaseOS (v. 8)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
}
],
"datePublic": "2026-05-26T00:17:19.110Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in perl-Archive-Tar. Versions before 3.08 for Perl are vulnerable to a path traversal issue. An attacker can craft a malicious tar archive containing symlinks with targets outside the intended extraction directory. This vulnerability allows the attacker to read or write to arbitrary files on the system, leading to potential information disclosure or data corruption."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-30T03:15:54.938Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-42496"
},
{
"name": "RHBZ#2481314",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2481314"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-42496.json"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:30857"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:30851"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:30856"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:30852"
}
],
"solutions": [
{
"lang": "en",
"value": "RHSA-2026:30857: Red Hat Enterprise Linux AppStream (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:30851: Red Hat Enterprise Linux AppStream (v. 8)"
},
{
"lang": "en",
"value": "RHSA-2026:30856: Red Hat Enterprise Linux AppStream (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:30852: Red Hat Enterprise Linux BaseOS (v. 8)"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-26T02:00:52.414Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-05-26T00:17:19.110Z",
"value": "Made public."
}
],
"title": "perl-archive-tar: perl-archive-tar: Path traversal via crafted symlinks allows arbitrary file access",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"collectionURL": "https://cpan.org/modules",
"defaultStatus": "unaffected",
"packageName": "Archive-Tar",
"product": "Archive::Tar",
"programFiles": [
"lib/Archive/Tar.pm"
],
"programRoutines": [
{
"name": "Archive::Tar::_make_special_file"
}
],
"repo": "https://github.com/jib/archive-tar-new",
"vendor": "BINGOS",
"versions": [
{
"lessThan": "3.08",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directory.\n\n_make_special_file() passes the tar header\u0027s linkname to symlink() without validating it against absolute paths or .. segments. The secure-extract mode check that guards regular file extraction does not cover the symlink target.\n\nA subsequent open through the extracted name reads or writes the attacker chosen path."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-26T00:17:19.110Z",
"orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"shortName": "CPANSec"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/jib/archive-tar-new/commit/17c873492a05eddc0de18c1485e0b2cccd5a9158.patch"
},
{
"tags": [
"release-notes"
],
"url": "https://metacpan.org/release/BINGOS/Archive-Tar-3.08/changes"
},
{
"tags": [
"related"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42497"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to Archive::Tar 3.08 or later."
}
],
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2026-04-12T00:00:00.000Z",
"value": "Issue reported."
},
{
"lang": "en",
"time": "2026-05-22T00:00:00.000Z",
"value": "Version 3.08 released."
}
],
"title": "Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directory",
"x_generator": {
"engine": "cpansec-cna-tool 0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"assignerShortName": "CPANSec",
"cveId": "CVE-2026-42496",
"datePublished": "2026-05-26T00:17:19.110Z",
"dateReserved": "2026-04-27T18:34:48.417Z",
"dateUpdated": "2026-06-30T03:15:54.938Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}