Lucene search
K

CVE-2025-62518

šŸ—“ļøĀ 21 Oct 2025Ā 16:13:02Reported byĀ GitHub_MTypeĀ 
cve
Ā cve
šŸ”—Ā web.nvd.nist.govšŸ“°ļøĀ 13Ā Media mentionsšŸ‘Ā 68Ā Views🌐 WEB

Older astral-tokio-tar versions before 0.5.6 are vulnerable to PAX header desynchronization; patch in 0.5.6; no workarounds.

Related
Detection
Affected
Refs
Paths
Social
ReporterTitlePublishedViews
Family
ATTACKERKB
CVE-2026-33055
20 Mar 202607:06
–attackerkb
Amazon
Medium: rust
14 Apr 202600:00
–amazon
Amazon
Medium: clamav1.5
13 Apr 202600:00
–amazon
Amazon
Medium: rust-cargo-c
13 Apr 202600:00
–amazon
Amazon
Medium: rust-below
13 Apr 202600:00
–amazon
Amazon
Medium: rust
13 Apr 202600:00
–amazon
BDU FSTEC
The vulnerability of the astral-tokio-tar library for reading/writing tar archives, related to data type conversion errors, allows a hacker to execute arbitrary code.
5 Dec 202500:00
–bdu_fstec
Chainguard
CVE-2025-62518 vulnerabilities
22 Oct 202513:25
–cgr
Circl
CVE-2025-62518
21 Oct 202514:28
–circl
CNNVD
astral-tokio-tar å®‰å…Øę¼ę“ž
21 Oct 202500:00
–cnnvd
Rows per page
Vulners
Node
[
  {
    "vendor": "astral-sh",
    "product": "tokio-tar",
    "versions": [
      {
        "version": "< 0.5.6",
        "status": "affected"
      }
    ]
  }
]
ParameterPositionPathDescriptionCWE
pathpathvulnerable-extractBoundary parsing vulnerability in astral-tokio-tar prior to 0.5.6 allows tar smuggling via PAX/ustar header handling when extracting archives.CWE-843

Data

Build on a solid foundation withĀ Vulners data

WeĀ provide theĀ essential building blocks forĀ cybersecurity solutions withĀ comprehensive, structured, andĀ constantly updated vulnerability andĀ exploits data

Api

Power your application withĀ Vulners API

The Vulners REST API offers reliable, high-performance access toĀ vulnerabilityĀ intelligence, withĀ 99.9%Ā SLAĀ uptime andĀ CDN-backed data delivery forĀ seamlessĀ global access

App

Assess and manage vulnerabilities withĀ VulnersĀ tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

17 Jun 2026 09:52Current
6.5Medium risk
Vulners AI Score6.5
CVSS 3.18.1
EPSS0.00688
SSVC
68