
IT leaders should also scan their applications to see if any were developed in Rust and are at risk.
Why is it critical?
TAR files are used on Unix and Linux systems to group multiple directories and files into one file that preserves the complete directory structure and metadata of the original information, explains Robert Beggs, director of Canadian incident response firm DigitalDefence. Archive files are commonly used in backups or to package software for purposes such as distributing source code.
Because of the way particular versions of the TAR libraries have been written, a potential vulnerability exists, he said in an email to CSO, noting: “In the worst case, it would allow an attacker to execute arbitrary code on a host system and perform malicious actions, such as overwriting critical files (config files, build scripts) or gaining unauthorized access to the file system.” The exploit could also compromise any system that extracts files from the malicious TAR.