88 matches found
CVE-2026-32766
CVE-2026-32766 affects astral-tokio-tar
astral-tokio-tar 安全漏洞
astral-tokio-tar is an open-source Rust library developed by Astral. Versions of astral-tokio-tar 0.5.6 and earlier contain security vulnerabilities. These vulnerabilities stem from a silent skipping of format-errors PAX extensions during the parsing of tar archives. Such behavior could potential...
Linux Distros Unpatched Vulnerability : CVE-2026-32766
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - astral-tokio-tar is a tar archive reading/writing library for async Rust. In versions 0.5.6 and earlier, malformed PAX extensions were silently skipped when...
Insufficient validation of PAX extensions during extraction
In versions 0.5.6 and earlier of astral-tokio-tar, malformed PAX extensions were silently skipped when parsing tar archives. This silent skipping rather than rejection of invalid PAX extensions could be used as a building block for a parser differential, for example by silently skipping a malform...
RUSTSEC-2026-0066 Insufficient validation of PAX extensions during extraction
In versions 0.5.6 and earlier of astral-tokio-tar, malformed PAX extensions were silently skipped when parsing tar archives. This silent skipping rather than rejection of invalid PAX extensions could be used as a building block for a parser differential, for example by silently skipping a malform...
PT-2026-25983
Name of the Vulnerable Software and Affected Versions astral-tokio-tar versions 0.5.6 and earlier Description astral-tokio-tar is a tar archive reading/writing library for async Rust. In versions 0.5.6 and earlier, malformed PAX extensions were silently skipped when parsing tar archives. This...
uv 安全漏洞
UV is a project management tool developed by Astral. There is a security vulnerability in UV, which allows attackers to execute malicious code during the software package parsing or installation process through a specially crafted ZIP archive...
openSUSE 16 Security Update : python-uv (openSUSE-SU-2026:20026-1)
The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20026-1 advisory. - CVE-2025-62518: astral-tokio-tar: Fixed boundary parsing issue allowing attackers to smuggle additional archive entries bsc1252399 -...
SUSE-SU-2026:20077-1 Security update for python-uv
This update for python-uv fixes the following issues: - CVE-2025-62518: astral-tokio-tar: Fixed boundary parsing issue allowing attackers to smuggle additional archive entries bsc1252399 - CVE-2025-58160: tracing-subscriber: Fixed log pollution bsc1249011...
Fedora: Security Advisory (FEDORA-2025-b3cc3be834)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Linux Distros Unpatched Vulnerability : CVE-2025-62518
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - astral-tokio-tar is a tar archive reading/writing library for async Rust. Versions of astral-tokio-tar prior to 0.5.6 contain a boundary parsing vulnerability...
astral-tokio-tar Vulnerable to PAX Header Desynchronization
...
TARmageddon Flaw in Async-Tar Rust Library Could Enable Remote Code Execution
Cybersecurity researchers have disclosed details of a high-severity flaw impacting the popular async-tar Rust library and its forks, including tokio-tar, that could result in remote code execution under certain conditions. The vulnerability, tracked as CVE-2025-62518 CVSS score: 8.1, has been...
CVE-2025-62518
astral-tokio-tar is a tar archive reading/writing library for async Rust. Versions of astral-tokio-tar prior to 0.5.6 contain a boundary parsing vulnerability that allows attackers to smuggle additional archive entries by exploiting inconsistent PAX/ustar header handling. When processing archives...
UBUNTU-CVE-2025-62518
astral-tokio-tar is a tar archive reading/writing library for async Rust. Versions of astral-tokio-tar prior to 0.5.6 contain a boundary parsing vulnerability that allows attackers to smuggle additional archive entries by exploiting inconsistent PAX/ustar header handling. When processing archives...
EUVD-2025-35176
astral-tokio-tar is a tar archive reading/writing library for async Rust. Versions of astral-tokio-tar prior to 0.5.6 contain a boundary parsing vulnerability that allows attackers to smuggle additional archive entries by exploiting inconsistent PAX/ustar header handling. When processing archives...
CVE-2025-62518 astral-tokio-tar Vulnerable to PAX Header Desynchronization
astral-tokio-tar is a tar archive reading/writing library for async Rust. Versions of astral-tokio-tar prior to 0.5.6 contain a boundary parsing vulnerability that allows attackers to smuggle additional archive entries by exploiting inconsistent PAX/ustar header handling. When processing archives...
CVE-2025-62518
astral-tokio-tar is a tar archive reading/writing library for async Rust. Versions of astral-tokio-tar prior to 0.5.6 contain a boundary parsing vulnerability that allows attackers to smuggle additional archive entries by exploiting inconsistent PAX/ustar header handling. When processing archives...
CVE-2025-62518 astral-tokio-tar Vulnerable to PAX Header Desynchronization
astral-tokio-tar is a tar archive reading/writing library for async Rust. Versions of astral-tokio-tar prior to 0.5.6 contain a boundary parsing vulnerability that allows attackers to smuggle additional archive entries by exploiting inconsistent PAX/ustar header handling. When processing archives...
CVE-2025-62518
Vulnerability CVE-2025-62518 affects astral-tokio-tar