In Apache Hadoop, The unTar function uses unTarUsingJava function on Windows and the built-in tar utility on Unix and other OSes. As a result, a TAR entry may create a symlink under the expected extraction directory which points to an external directory. A subsequent TAR entry may extract an arbitrary file into the external directory using the symlink name. This however would be caught by the same targetDirPath check on Unix because of the getCanonicalPath call. However on Windows, getCanonicalPath doesn't resolve symbolic links, which bypasses the check. unpackEntries during TAR extraction follows symbolic links which allows writing outside expected base directory on Windows. This was addressed in Apache Hadoop 3.2.3
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published: 2022-04-07T18:20:12

Updated: 2024-08-03T05:11:43.529Z

Reserved: 2022-03-07T00:00:00

Link: CVE-2022-26612

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-04-07T19:15:08.917

Modified: 2024-11-21T06:54:11.850

Link: CVE-2022-26612

cve-icon Redhat

Severity : Important

Publid Date: 2022-04-07T00:00:00Z

Links: CVE-2022-26612 - Bugzilla