17 matches found
Astra Linux - vulnerability in python2.7, pypy
In Lib/tarfile.py in Python 3.8.3, an attacker can create a TAR archive that causes an infinite loop when opened using tarfile.open, due to the lack of header validation in procpax...
Exploit for CVE-2025-62518
Tarmageddon CVE-2025-62518 https://nvd.nist.gov/vuln/detail/...
CLSA-2025-1762535960 tar: Fix of CVE-2023-39804
CVE-2023-39804: fix crash in GNU tar caused by incorrect handling of extended PAX xattr headers leading to memory corruption DoS...
SUSE CVE-2025-62518
astral-tokio-tar is a tar archive reading/writing library for async Rust. Versions of astral-tokio-tar prior to 0.5.6 contain a boundary parsing vulnerability that allows attackers to smuggle additional archive entries by exploiting inconsistent PAX/ustar header handling. When processing archives...
GHSA-W476-P2H3-79G9 uv has differential in tar extraction with PAX headers
Impact In versions 0.9.4 and earlier of uv, tar archives containing PAX headers with file size overrides were not handled properly. As a result, an attacker could contrive a source distribution as a tar archive that would extract differently when installed via uv versus other Python package...
CVE-2025-62518
astral-tokio-tar is a tar archive reading/writing library for async Rust. Versions of astral-tokio-tar prior to 0.5.6 contain a boundary parsing vulnerability that allows attackers to smuggle additional archive entries by exploiting inconsistent PAX/ustar header handling. When processing archives...
CVE-2025-62518 astral-tokio-tar Vulnerable to PAX Header Desynchronization
astral-tokio-tar is a tar archive reading/writing library for async Rust. Versions of astral-tokio-tar prior to 0.5.6 contain a boundary parsing vulnerability that allows attackers to smuggle additional archive entries by exploiting inconsistent PAX/ustar header handling. When processing archives...
RUSTSEC-2025-0111 `tokio-tar` parses PAX extended headers incorrectly, allows file smuggling
The archive reader incorrectly handles PAX extended headers: when the ustar header incorrectly specifies a zero size (size=000000000000) while a PAX header specifies a non-zero size, tokio-tar::Archive is going to read the file content as a tar entry header. This can be used by a tar file to present...
`tokio-tar` parses PAX extended headers incorrectly, allows file smuggling
The archive reader incorrectly handles PAX extended headers: when the ustar header incorrectly specifies a zero size (size=000000000000) while a PAX header specifies a non-zero size, tokio-tar::Archive is going to read the file content as a tar entry header. This can be used by a tar file to present...
SUSE CVE-2006-0300
Buffer overflow in tar 1.14 through 1.15.90 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute code via unspecified vectors involving PAX extended headers...
SUSE CVE-2007-3641
archive_read_support_format_tar.c in libarchive before 2.2.4 does not properly compute the length of a certain buffer when processing a malformed pax extension header, which allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) PA...
SUSE CVE-2007-3645
archive_read_support_format_tar.c in libarchive before 2.2.4 allows user-assisted remote attackers to cause a denial of service (crash) via (1) an end-of-file condition within a tar header that follows a pax extension header or (2) a malformed pax extension header in an (a) PAX or a (b) TAR archive, which...
DEBIAN-CVE-2007-3644
archive_read_support_format_tar.c in libarchive before 2.2.4 allows user-assisted remote attackers to cause a denial of service (infinite loop) via (1) an end-of-file condition within a pax extension header or (2) a malformed pax extension header in an (a) PAX or a (b) TAR archive...
Denial of Service (DoS)
Overview: Affected versions of this package are vulnerable to Denial of Service (DoS). Buffer overflow in tar 1.14 through 1.15.90 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute code via unspecified vectors involving PAX extended headers. Remediati...
Tar tape archiver buffer overflow
Buffer overflow on extended PAX headers parsing...
gtar -- invalid headers buffer overflow
GNU tar is vulnerable to a buffer overflow, caused by improper bounds checking of the PAX extended headers. By tricking a user into processing a specially crafted tar archive, this could be exploited to execute arbitrary code with the privileges of the user...