Threat Encyclopedia

TAR.Archive.Arbitrary.File.Overwrite

description-logoDescription

This indicates an attack attempt to exploit an Arbitrary File Overwrite Vulnerability in applications that handles TAR archive files.
The vulnerability is due to improper validation of file names inside TAR files. A remote attacker can exploit this vulnerability by sending a malicious TAR to applications which has malformed file name. Successful exploitation could result in arbitrary file overwrite in the target user's system.

affected-products-logoAffected Products

The npm package "tar" (aka node-tar) before versions 6.1.1, 5.0.6, 4.4.14, and 3.3.2

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor.
https://github.com/npm/node-tar/commit/1f036ca23f64a547bdd6c79c1a44bc62e8115da4

CVE References

CVE-2021-32804