PT-2025-45412 · Archive · Archive

Published: 2025-03-28 · Updated: 2025-11-07 · CVE-2025-64346

CVSS v4.0: 6.0 (Medium)

Vector: AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions

archives version 1.0.0

Description

archives is a Go library used for extracting archives such as tar and zip files. Version 1.0.0 does not adequately prevent a malicious user from providing a specially crafted archive that could lead to Remote Code Execution (RCE), file modification, or other harmful actions. The severity of the issue depends on the user's permissions, the environment, and how arbitrary archives are handled. The issue arises from improper limitation of a pathname to a restricted directory, allowing for potential path traversal.

Recommendations

Update to version 1.0.1 or later.
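For callers who want to check untrusted archives before extraction, the following added example (not code from the archives library or its fix) shows the kind of pathname restriction the description refers to, using only the Go standard library. The names `safeTarget`, `auditTar`, `sampleTar` and the destination `/srv/extract` are assumptions made for the illustration, and the sample archive is constructed in memory.

```go
package main

import (
	"archive/tar"
	"fmt"
	"io"
	"path/filepath"
	"strings"
)

// safeTarget maps an entry name to a path under destDir, or rejects it.
func safeTarget(destDir, name string) (string, error) {
	name = strings.ReplaceAll(name, `\`, "/") // conservative: treat "..\x" as traversal
	target := filepath.Join(destDir, filepath.FromSlash(name)) // Join resolves ".."
	rel, err := filepath.Rel(destDir, target)
	abs := strings.HasPrefix(name, "/") || filepath.VolumeName(name) != ""
	if err != nil || name == "" || abs || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", fmt.Errorf("entry %q is not a local path under %q", name, destDir)
	}
	return target, nil
}

// auditTar returns the entry names in a tar stream that safeTarget rejects.
func auditTar(r io.Reader, destDir string) (rejected []string, _ error) {
	for tr := tar.NewReader(r); ; {
		hdr, err := tr.Next()
		if err == io.EOF {
			return rejected, nil
		} else if err != nil && err != tar.ErrInsecurePath { // flagged names still yield a header
			return nil, err
		}
		if _, err := safeTarget(destDir, hdr.Name); err != nil {
			rejected = append(rejected, hdr.Name)
		}
	}
}

// sampleTar builds a constructed in-memory archive of empty files (demo input).
func sampleTar(names ...string) io.Reader {
	var sb strings.Builder
	tw := tar.NewWriter(&sb)
	for _, n := range names {
		tw.WriteHeader(&tar.Header{Name: n, Mode: 0644})
	}
	tw.Close()
	return strings.NewReader(sb.String())
}

func main() { fmt.Println(auditTar(sampleTar("docs/a.txt", "../b.txt", "x/../../c.txt", "/etc/d"), "/srv/extract")) }
```

The check covers entry names only; it is a pre-extraction audit and does not replace updating to the fixed version.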

Exploit

Fix

RCE

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2025-64346
GHSA-J95M-RCJP-Q69H
GO-2025-3581

Affected Products

Archive