Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Fri, 10 Jul 2026 09:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Isaacs
Isaacs tar |
|
| Vendors & Products |
Isaacs
Isaacs tar |
Fri, 10 Jul 2026 00:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-170 | |
| References |
| |
| Metrics |
threat_severity
|
threat_severity
|
Thu, 09 Jul 2026 15:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Wed, 08 Jul 2026 15:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.17, node-tar does not strip NUL bytes from PAX path and linkpath records in src/pax.ts, allowing a crafted archive with values to reach fs.lstat or fs.open and terminate the process with an uncaught exception. This issue is fixed in version 7.5.17. | |
| Title | node-tar: Uncaught Exception DoS via NUL byte in PAX path/linkpath records | |
| Weaknesses | CWE-248 | |
| References |
| |
| Metrics |
cvssV3_1
|
Subscriptions
No data.
Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2026-07-09T13:45:44.160Z
Reserved: 2026-07-07T15:41:53.607Z
Link: CVE-2026-59875
Updated: 2026-07-09T13:44:17.889Z
No data.
OpenCVE Enrichment
Updated: 2026-07-10T14:45:15Z