Arbitrary File Overwritefstream
fstream prior to 1.0.12 are vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system and a file that matches the hardlink will overwrite the system's file with the contents of the extracted file. The
fstream.DirWriter() function is vulnerable.
Upgrade to version 1.0.12 or later.
publishedAdvisory PublishedMay 15th, 2019
reportedReported by Max JusticzMay 15th, 2019