CVE-2022-26612— Arbitrary file write in FileUtil#unpackEntries on Windows
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2022-26612
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Arbitrary file write in FileUtil#unpackEntries on Windows
Source: NVD (National Vulnerability Database)
Vulnerability Description
In Apache Hadoop, The unTar function uses unTarUsingJava function on Windows and the built-in tar utility on Unix and other OSes. As a result, a TAR entry may create a symlink under the expected extraction directory which points to an external directory. A subsequent TAR entry may extract an arbitrary file into the external directory using the symlink name. This however would be caught by the same targetDirPath check on Unix because of the getCanonicalPath call. However on Windows, getCanonicalPath doesn't resolve symbolic links, which bypasses the check. unpackEntries during TAR extraction follows symbolic links which allows writing outside expected base directory on Windows. This was addressed in Apache Hadoop 3.2.3
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Apache Hadoop 后置链接漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Apache Hadoop是美国阿帕奇(Apache)基金会的一套开源的分布式系统基础架构。该产品能够对大量数据进行分布式处理,并具有高可靠性、高扩展性、高容错性等特点。 Apache Hadoop 存在后置链接漏洞,该漏洞源于 TAR 条目可能会在指向外部目录的预期提取目录下创建符号链接,并使用符号链接名称将任意文件提取到外部目录中。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Apache Software Foundation | Apache Hadoop | unspecified ~ 3.2.3 | - |
II. Public POCs for CVE-2022-26612
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2022-26612
请登录查看更多情报信息。
- https://lists.apache.org/thread/hslo7wzw2449gv1jyjk8g6ttd7935fyzx_refsource_MISC
- https://security.netapp.com/advisory/ntap-20220519-0004/x_refsource_CONFIRM
- https://nvd.nist.gov/vuln/detail/CVE-2022-26612
IV. Related Vulnerabilities
Same product: Apache Hadoop
- CVE-2024-23454
Apache Hadoop: Temporary File Local Information Disclosure - CVE-2023-26031
Privilege escalation in Apache Hadoop Yarn container-executo - CVE-2021-25642
Apache Hadoop YARN remote code execution in ZKConfigurationS - CVE-2022-25168
Command injection in org.apache.hadoop.fs.FileUtil.unTarUsin - CVE-2021-33036
Apache Hadoop Privilege escalation vulnerability
Same vendor: Apache Software Foundation
- CVE-2026-39816
Apache NiFi: Missing Execute Code Required Permission on Tin - CVE-2026-25199
Apache CloudStack: Proxmox Extension Allows Unauthorized Cro - CVE-2026-25077
Apache CloudStack: Unauthenticated Command Injection in Dire - CVE-2025-69233
Apache CloudStack: Domain/account resources limits not honor - CVE-2025-66467
Apache CloudStack: MinIO policy remains intact on bucket del
V. Comments for CVE-2022-26612
No comments yet