PT-2019-10267 · Npm · Tar-Fs
Max · Published 2019-04-30 · Updated 2019-05-03 · CVE-2018-20835
CVSS v3.1: 7.5 (High)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions:
tar-fs versions prior to 1.16.2
Description:
A vulnerability exists when extracting a tarball containing a hardlink to a file that already exists on the system, in conjunction with a later plain file with the same name as the hardlink, allowing an Arbitrary File Overwrite issue. This occurs because the plain file content replaces the existing file content.
Recommendations:
For versions prior to 1.16.2, update to version 1.16.2 or later to resolve the issue.
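As a pre-extraction check for hosts that cannot upgrade immediately, the following added example (not code from tar-fs or from this advisory) scans raw tar headers for the pattern in the Description: a hardlink entry whose name is reused by a later plain file. The function names, entry names and link target are hypothetical, and the sample archives are constructed in place.

```javascript
const path = require('path');
const BLOCK = 512;

// Read a NUL-terminated string field from a tar header block.
function field(h, start, len) {
  const raw = h.subarray(start, start + len);
  const end = raw.indexOf(0);
  return raw.toString('latin1', 0, end === -1 ? len : end);
}

// Return every plain-file entry whose name an earlier hardlink entry already used.
// Assumes octal size fields (no GNU base-256 sizes, no pax/long-name records).
function findHardlinkOverwrites(tar) {
  const hardlinks = new Map(); // normalized entry name -> link target
  const findings = [];
  for (let off = 0; off + BLOCK <= tar.length; ) {
    const h = tar.subarray(off, off + BLOCK);
    if (h.every((b) => b === 0)) break; // end-of-archive marker
    const prefix = field(h, 345, 155);
    const name = path.posix.normalize((prefix ? prefix + '/' : '') + field(h, 0, 100));
    const type = String.fromCharCode(h[156]);
    const size = parseInt(field(h, 124, 12).trim() || '0', 8);
    if (type === '1') hardlinks.set(name, field(h, 157, 100));
    else if ((type === '0' || type === '\0') && hardlinks.has(name))
      findings.push({ name, linkname: hardlinks.get(name) });
    off += BLOCK + Math.ceil(size / BLOCK) * BLOCK;
  }
  return findings;
}

// Constructed test input: one header plus padded data. The checksum field is left
// empty, so these buffers are only meaningful to the scanner above.
function entry(name, type, linkname = '', data = '') {
  const h = Buffer.alloc(BLOCK);
  h.write(name, 0);
  h.write(data.length.toString(8).padStart(11, '0') + '\0', 124);
  h.write(type, 156);
  h.write(linkname, 157);
  h.write('ustar\0' + '00', 257);
  const pad = (BLOCK - (data.length % BLOCK)) % BLOCK;
  return Buffer.concat([h, Buffer.from(data), Buffer.alloc(pad)]);
}

const END = Buffer.alloc(2 * BLOCK);
const flagged = Buffer.concat([
  entry('config.txt', '1', 'existing-target'), entry('./config.txt', '0', '', 'new'), END]);
const clean = Buffer.concat([
  entry('alias.txt', '1', 'existing-target'), entry('config.txt', '0', '', 'new'), END]);
console.log(findHardlinkOverwrites(flagged), findHardlinkOverwrites(clean));
```

A non-empty result is a reason to reject the archive before handing it to an extractor; it does not replace the upgrade to 1.16.2 or later.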
Affected products
Tar-Fs