Bnbdr

**Name of the Vulnerable Software and Affected Versions** tar-fs versions 0.0.0 through 1.16.3 tar-fs versions 2.0.0 through 2.1.1 tar-fs versions 3.0.0 through 3.0.7 **Description** This issue is related to an Improper Link Resolution Before File Access ("Link Following") and Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal"). The vulnerability occurs when extracting a maliciously crafted tar file, which can result in unauthorized file writes or overwrites outside the intended extraction directory. The issue is associated with index.js in the tar-fs package. **Recommendations** For tar-fs versions 0.0.0 through 1.16.3, update to version 1.16.4 or later. For tar-fs versions 2.0.0 through 2.1.1, update to version 2.1.2 or later. For tar-fs versions 3.0.0 through 3.0.7, update to version 3.0.8 or later. As a temporary workaround, consider disabling the extraction of tar files until a patch is available. Restrict access to the index.js file in the tar-fs package to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** radare2 versions prior to 2.9.0 **Description** A heap overflow issue exists in the `read module referenced functions` function in `libr/anal/flirt.c` due to a crafted flirt signature file. **Recommendations** For versions prior to 2.9.0, update to version 2.9.0 or later to resolve the issue.