Lucene search
+L

88 matches found

cve
cve
added 2026/03/20 12:7 a.m.29 views

CVE-2026-32766

CVE-2026-32766 affects astral-tokio-tar

6.3CVSS5.7AI score0.00249EPSS
Exploits0References2Affected Software1
cnnvd
cnnvd
added 2026/03/20 12:0 a.m.9 views

astral-tokio-tar 安全漏洞

astral-tokio-tar is an open-source Rust library developed by Astral. Versions of astral-tokio-tar 0.5.6 and earlier contain security vulnerabilities. These vulnerabilities stem from a silent skipping of format-errors PAX extensions during the parsing of tar archives. Such behavior could potential...

6.3CVSS5.8AI score0.00249EPSS
Exploits0References3
nessus
nessus
added 2026/03/20 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2026-32766

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - astral-tokio-tar is a tar archive reading/writing library for async Rust. In versions 0.5.6 and earlier, malformed PAX extensions were silently skipped when...

6.3CVSS5.9AI score0.00249EPSS
Exploits0References4
rustsec
rustsec
added 2026/03/17 12:0 p.m.10 views

Insufficient validation of PAX extensions during extraction

In versions 0.5.6 and earlier of astral-tokio-tar, malformed PAX extensions were silently skipped when parsing tar archives. This silent skipping rather than rejection of invalid PAX extensions could be used as a building block for a parser differential, for example by silently skipping a malform...

6.3CVSS5.7AI score0.00249EPSS
Exploits0Affected Software1
osv
osv
added 2026/03/17 12:0 p.m.5 views

RUSTSEC-2026-0066 Insufficient validation of PAX extensions during extraction

In versions 0.5.6 and earlier of astral-tokio-tar, malformed PAX extensions were silently skipped when parsing tar archives. This silent skipping rather than rejection of invalid PAX extensions could be used as a building block for a parser differential, for example by silently skipping a malform...

6.3CVSS5.7AI score0.00249EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/03/17 12:0 a.m.18 views

PT-2026-25983

Name of the Vulnerable Software and Affected Versions astral-tokio-tar versions 0.5.6 and earlier Description astral-tokio-tar is a tar archive reading/writing library for async Rust. In versions 0.5.6 and earlier, malformed PAX extensions were silently skipped when parsing tar archives. This...

6.3CVSS5.4AI score0.00249EPSS
Exploits0References23
cnnvd
cnnvd
added 2026/02/27 12:0 a.m.18 views

uv 安全漏洞

UV is a project management tool developed by Astral. There is a security vulnerability in UV, which allows attackers to execute malicious code during the software package parsing or installation process through a specially crafted ZIP archive...

6.3CVSS6AI score0.0015EPSS
Exploits0References5
nessus
nessus
added 2026/01/16 12:0 a.m.6 views

openSUSE 16 Security Update : python-uv (openSUSE-SU-2026:20026-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20026-1 advisory. - CVE-2025-62518: astral-tokio-tar: Fixed boundary parsing issue allowing attackers to smuggle additional archive entries bsc1252399 -...

8.1CVSS8.6AI score0.00688EPSS
Exploits1References6
osv
osv
added 2026/01/13 12:49 p.m.6 views

SUSE-SU-2026:20077-1 Security update for python-uv

This update for python-uv fixes the following issues: - CVE-2025-62518: astral-tokio-tar: Fixed boundary parsing issue allowing attackers to smuggle additional archive entries bsc1252399 - CVE-2025-58160: tracing-subscriber: Fixed log pollution bsc1249011...

8.1CVSS6.1AI score0.00688EPSS
Exploits1References5
openvas
openvas
added 2025/10/28 12:0 a.m.4 views

Fedora: Security Advisory (FEDORA-2025-b3cc3be834)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.6CVSS6.8AI score0.00202EPSS
Exploits0References2
nessus
nessus
added 2025/10/27 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2025-62518

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - astral-tokio-tar is a tar archive reading/writing library for async Rust. Versions of astral-tokio-tar prior to 0.5.6 contain a boundary parsing vulnerability...

8.1CVSS6.1AI score0.00688EPSS
Exploits1References3
mscve
mscve
added 2025/10/25 2:1 p.m.6 views

astral-tokio-tar Vulnerable to PAX Header Desynchronization

...

8.1CVSS7AI score0.00688EPSS
Exploits1
thn
thn
added 2025/10/22 7:5 a.m.5 views

TARmageddon Flaw in Async-Tar Rust Library Could Enable Remote Code Execution

Cybersecurity researchers have disclosed details of a high-severity flaw impacting the popular async-tar Rust library and its forks, including tokio-tar, that could result in remote code execution under certain conditions. The vulnerability, tracked as CVE-2025-62518 CVSS score: 8.1, has been...

8.1CVSS9AI score0.00688EPSS
Exploits1
nvd
nvd
added 2025/10/21 5:15 p.m.10 views

CVE-2025-62518

astral-tokio-tar is a tar archive reading/writing library for async Rust. Versions of astral-tokio-tar prior to 0.5.6 contain a boundary parsing vulnerability that allows attackers to smuggle additional archive entries by exploiting inconsistent PAX/ustar header handling. When processing archives...

8.1CVSS0.00688EPSS
Exploits1References5
osv
osv
added 2025/10/21 5:15 p.m.5 views

UBUNTU-CVE-2025-62518

astral-tokio-tar is a tar archive reading/writing library for async Rust. Versions of astral-tokio-tar prior to 0.5.6 contain a boundary parsing vulnerability that allows attackers to smuggle additional archive entries by exploiting inconsistent PAX/ustar header handling. When processing archives...

8.1CVSS7.2AI score0.00688EPSS
Exploits1References8
euvd
euvd
added 2025/10/21 4:13 p.m.4 views

EUVD-2025-35176

astral-tokio-tar is a tar archive reading/writing library for async Rust. Versions of astral-tokio-tar prior to 0.5.6 contain a boundary parsing vulnerability that allows attackers to smuggle additional archive entries by exploiting inconsistent PAX/ustar header handling. When processing archives...

8.1CVSS6.4AI score0.00688EPSS
Exploits1References6
osv
osv
added 2025/10/21 4:13 p.m.6 views

CVE-2025-62518 astral-tokio-tar Vulnerable to PAX Header Desynchronization

astral-tokio-tar is a tar archive reading/writing library for async Rust. Versions of astral-tokio-tar prior to 0.5.6 contain a boundary parsing vulnerability that allows attackers to smuggle additional archive entries by exploiting inconsistent PAX/ustar header handling. When processing archives...

8.1CVSS6.8AI score0.00688EPSS
Exploits1References7
debiancve
debiancve
added 2025/10/21 4:13 p.m.6 views

CVE-2025-62518

astral-tokio-tar is a tar archive reading/writing library for async Rust. Versions of astral-tokio-tar prior to 0.5.6 contain a boundary parsing vulnerability that allows attackers to smuggle additional archive entries by exploiting inconsistent PAX/ustar header handling. When processing archives...

8.1CVSS5.7AI score0.00688EPSS
Exploits1
vulnrichment
vulnrichment
added 2025/10/21 4:13 p.m.1 views

CVE-2025-62518 astral-tokio-tar Vulnerable to PAX Header Desynchronization

astral-tokio-tar is a tar archive reading/writing library for async Rust. Versions of astral-tokio-tar prior to 0.5.6 contain a boundary parsing vulnerability that allows attackers to smuggle additional archive entries by exploiting inconsistent PAX/ustar header handling. When processing archives...

8.1CVSS6.5AI score0.00688EPSS
Exploits1References5
cve
cve
added 2025/10/21 4:13 p.m.74 views

CVE-2025-62518

Vulnerability CVE-2025-62518 affects astral-tokio-tar

8.1CVSS6.5AI score0.00688EPSS
Exploits1References5
Rows per page
Query Builder