{"id":"OSEC-2026-08","summary":"Path traversal vulnerability in ocaml-tar","details":"A malicious archive with `../` path segments in its name allows escaping the current working directory. This is not desired behavior, and tar(1) rejects such extractions, but ocaml-tar decompresses it anyway.\nThe impact is that it allows arbitrary file write outside of the desired extraction directory to an attacker that can reach a tar decompression endpoint. In terms of severity, similar vulnerabilities in different ecosystems (python, node, go) have been assigned CVSS scores of 6.8 MEDIUM, 7.1 HIGH, and 8.2 HIGH.\n\n## Details\n\nFunction `Tar_unix.extract` uses `Filename.concat`.\n\n```OCaml\nlet extract ?(filter = fun _ -\u003e true) ~src dst =\n  let f ?global:_ hdr () =\n    if filter hdr then\n      match hdr.Tar.Header.link_indicator with\n      | Tar.Header.Link.Normal -\u003e\n        begin match Result.map_error unix_err_to_msg\n            (safe Unix.(openfile (Filename.concat dst hdr.Tar.Header.file_name)\n                          [ O_WRONLY ; O_CREAT ]) hdr.Tar.Header.file_mode) with\n        | Error _ as err -\u003e Tar.return err\n        | Ok dst -\u003e\n          try copy ~dst_fd:dst (Int64.to_int hdr.Tar.Header.file_size)\n          with exn -\u003e safe_close dst; Tar.return (Error (`Exn exn))\n        end\n        (* TODO set owner / mode / mtime etc. *)\n      | _ -\u003e\n        (* TODO handle directories, links, etc. *)\n        let open Tar.Syntax in\n        let* () = Tar.seek (Int64.to_int hdr.Tar.Header.file_size) in\n        Tar.return (Ok ())\n    else\n      let open Tar.Syntax in\n      let* () = Tar.seek (Int64.to_int hdr.Tar.Header.file_size) in\n      Tar.return (Ok ())\n  in\n  fold f src ()\n```\n\n`Filename.concat` does not perform any sanitation:\n\n```\n# Filename.concat \"/tmp\" \"../../../etc/passwd\";;\n- : string = \"/tmp/../../../etc/passwd\"\n```\n\nHence, calling `Unix.openfile` on such a path will result in opening `/etc/passwd`.\n\nI only confirmed it in the following setting (see PoC below), and a proper fix would require investigating it in more details:\n\nversion targeted: 3.3.0, which seems to be the only version of ocaml-tar. But use of `Filename.concat` seems to have been there since the beginning.\n\n## Impact\n\nThis is a path traversal vulnerability that allows an attacker to perform an arbitrary file write outside of the intended extraction directory.\nVulnerable users are the users relying on ocaml-tar, which includes (according to the readme of ocaml-tar):\n\n- xapi (confirmed not vulnerable by maintainers)\n- obuilder\n\nRelated CVEs\n\n- CVE-2007-4559: same problem in python's implementation of tar\n- CVE-2025-0377: similar problem in hashicorp's go implementation of tar\n- CVE-2026-24842: similar problem in node-tar\n\n## Fix\n\nThe fix is to sanitize paths before calling `Unix.openfile`. In the presence of symlink support, extra validation is needed.\n\n## Timeline\n\n- 2026-05-07: reported via GitHub (on https://github.com/ocaml/security-advisories)\n- 2025-05-20: initial fix developed and asked for review, also informed xapi and obuilder teams\n- 2025-05-22: fixed tar released, security advisory announced","aliases":["CVE-2026-45390"],"modified":"2026-05-22T21:15:04.511594668Z","published":"2026-05-22T20:55:00Z","database_specific":{"human_link":"https://github.com/ocaml/security-advisories/tree/main/advisories/2026/OSEC-2026-08.md","osv":"https://github.com/ocaml/security-advisories/tree/generated-osv/2026/OSEC-2026-08.json","cwe":["CWE-22","CWE-61"]},"affected":[{"package":{"name":"tar","ecosystem":"opam","purl":"pkg:opam/tar"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.5.0"}]},{"type":"GIT","repo":"https://github.com/mirage/ocaml-tar","events":[{"introduced":"0"},{"fixed":"51ceb0a15982993503c169b9d84456fd50eabe99"}]}],"versions":["0.8.0","0.9.0","1.0.0","1.0.1","1.1.0","2.0.0","2.0.1","2.1.0","2.2.0","2.2.1","2.2.2","2.3.0","2.4.0","2.5.0","2.5.1","2.6.0","3.0.0","3.1.1","3.1.2","3.2.0","3.3.0","v3.4.0","v3.3.0","v3.1.1","V3.1.0","v2.4.0","v2.3.0","v2.2.2","v2.2.1","v2.2.0","v2.0.0","v1.1.0","v1.0.1","v1.0.0","v0.9.0","v0.8.0","v0.7.1","v0.7.0","v0.6.1","v0.6.0","v0.5.1","v0.5.0","v0.4.2","v0.4.1","v0.4.0","0.3.0"],"ecosystem_specific":{"opam_constraint":"tar {\u003c \"3.5.0\"}"},"database_specific":{"source":"https://github.com/ocaml/security-advisories/blob/generated-osv/2026/OSEC-2026-08.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N"}],"credits":[{"name":"Quentin Stiévenart","type":"REPORTER"},{"name":"Reynir Björnsson","type":"REMEDIATION_DEVELOPER"},{"name":"Anil Madhavapeddy","type":"REMEDIATION_DEVELOPER"},{"name":"Hannes Mehnert","type":"COORDINATOR"}]}