In Archive_Tar before 1.4.14, symlinks can refer to targets outside of the extracted archive, a different vulnerability than CVE-2020-36193.
After analysis, the issue stems from a lack of checking if a symlink was outside of the archive. Since this check was not made, symlinks could be followed outside of the archive and lead to modification of the filesystem outside of the archive which could result in affecting existing files or creation of new files.
Created php-pear tracking bugs for this issue:
Affects: fedora-all [bug 1989558]
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2022:7628 https://access.redhat.com/errata/RHSA-2022:7628