Lucene search
K

34 matches found

Tenable Nessus
Tenable Nessus
added 2026/03/28 12:0 a.m.3 views

Fedora 44 : rustup (2026-89d4b6644b)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-89d4b6644b advisory. Rebuilt with rust-tar 0.4.45 for CVE-2026-33056 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...

6.5CVSS6AI score0.00379EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/03/22 12:0 a.m.5 views

Fedora 45 : rustup (2026-49ec7a73a3)

The remote Fedora 45 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-49ec7a73a3 advisory. Automatic update for rustup-1.29.0-2.fc45. Changelog Sun Mar 22 2026 Benjamin A. Beasley - 1.29.0-2 - Rebuilt with rust-tar 0.4.45 for CVE-2026-33056 - Fixes...

6.5CVSS5.9AI score0.00379EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/03/21 12:0 a.m.9 views

Fedora 45 : maturin / python-fastar / python-uv-build / rust-astral-tokio-tar / etc (2026-c6c01a71f2)

The remote Fedora 45 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2026-c6c01a71f2 advisory. Update rust-astral-tokio-tar to 0.6.0, fixing CVE-2026-32766. Update rust-tar to 0.4.45 to 0.4.45, fixing CVE-2026-33056. Update uv and...

6.5CVSS5.9AI score0.00379EPSS
Exploits1References3
NVD
NVD
added 2026/03/20 7:16 a.m.5 views

CVE-2026-33055

tar-rs is a tar archive reading/writing library for Rust. Versions 0.4.44 and below have conditional logic that skips the PAX size header in cases where the base header size is nonzero. As part of CVE-2025-62518, the astral-tokio-tar project was changed to correctly honor PAX size headers in the...

8.1CVSS0.00397EPSS
Exploits1References3
OSV
OSV
added 2026/03/20 7:16 a.m.4 views

DEBIAN-CVE-2026-33055

tar-rs is a tar archive reading/writing library for Rust. Versions 0.4.44 and below have conditional logic that skips the PAX size header in cases where the base header size is nonzero. As part of CVE-2025-62518, the astral-tokio-tar project was changed to correctly honor PAX size headers in the...

8.1CVSS5.4AI score0.00397EPSS
Exploits1References1
AlpineLinux
AlpineLinux
added 2026/03/20 7:11 a.m.3 views

CVE-2026-33056

tar-rs is a tar archive reading/writing library for Rust. In versions 0.4.44 and below, when unpacking a tar archive, the tar crate's unpackdir function uses fs::metadata to check whether a path that already exists is a directory. Because fs::metadata follows symbolic links, a crafted tarball...

6.5CVSS5.9AI score0.00379EPSS
Exploits1
ATTACKERKB
ATTACKERKB
added 2026/03/20 7:6 a.m.8 views

CVE-2026-33055

tar-rs is a tar archive reading/writing library for Rust. Versions 0.4.44 and below have conditional logic that skips the PAX size header in cases where the base header size is nonzero. As part of CVE-2025-62518, the astral-tokio-tar project was changed to correctly honor PAX size headers in the...

8.1CVSS7.3AI score0.00688EPSS
Exploits2References4Affected Software1
OSV
OSV
added 2026/03/20 7:6 a.m.7 views

CVE-2026-33055 tar-rs incorrectly ignores PAX size headers if header size is nonzero

tar-rs is a tar archive reading/writing library for Rust. Versions 0.4.44 and below have conditional logic that skips the PAX size header in cases where the base header size is nonzero. As part of CVE-2025-62518, the astral-tokio-tar project was changed to correctly honor PAX size headers in the...

5.1CVSS5.8AI score0.00688EPSS
Exploits2References5
Debian CVE
Debian CVE
added 2026/03/20 7:6 a.m.5 views

CVE-2026-33055

tar-rs is a tar archive reading/writing library for Rust. Versions 0.4.44 and below have conditional logic that skips the PAX size header in cases where the base header size is nonzero. As part of CVE-2025-62518, the astral-tokio-tar project was changed to correctly honor PAX size headers in the...

8.1CVSS5.3AI score0.00397EPSS
Exploits1
UbuntuCve
UbuntuCve
added 2026/03/20 12:0 a.m.9 views

CVE-2026-33055

tar-rs is a tar archive reading/writing library for Rust. Versions 0.4.44 and below have conditional logic that skips the PAX size header in cases where the base header size is nonzero. As part of CVE-2025-62518, the astral-tokio-tar project was changed to correctly honor PAX size headers in the...

8.1CVSS7AI score0.00397EPSS
Exploits1References4
Fedora
Fedora
added 2025/11/03 1:7 a.m.8 views

[SECURITY] Fedora 42 Update: rust-astral-tokio-tar-0.5.6-1.fc42

A Rust implementation of an async TAR file reader and writer. This library does not currently handle compression, but it is abstract over all I/O readers and writers. Additionally, great lengths are taken to ensure that the entire contents are never required to be entirely resident in memory all ...

8.1CVSS7AI score0.00688EPSS
Exploits1
OSV
OSV
added 2025/10/21 12:0 p.m.6 views

RUSTSEC-2025-0110 astral-tokio-tar Vulnerable to PAX Header Desynchronization

Versions of astral-tokio-tar prior to 0.5.6 contain a boundary parsing vulnerability that allows attackers to smuggle additional archive entries by exploiting inconsistent PAX/ustar header handling. When processing archives with PAX-extended headers containing size overrides, the parser incorrect...

8.1CVSS7AI score0.00688EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/05/22 7:50 a.m.5 views

CVE-2018-20990

An issue was discovered in the tar crate before 0.4.16 for Rust. Arbitrary file overwrite can occur via a symlink or hardlink in a TAR archive...

7.5CVSS6.8AI score0.01676EPSS
Exploits0References1
OSV
OSV
added 2019/08/26 1:15 p.m.18 views

UBUNTU-CVE-2018-20990

An issue was discovered in the tar crate before 0.4.16 for Rust. Arbitrary file overwrite can occur via a symlink or hardlink in a TAR archive...

7.5CVSS7.1AI score0.01676EPSS
Exploits0References3
Rows per page
Query Builder