Количество 7
Количество 7
CVE-2025-62518
astral-tokio-tar is a tar archive reading/writing library for async Rust. Versions of astral-tokio-tar prior to 0.5.6 contain a boundary parsing vulnerability that allows attackers to smuggle additional archive entries by exploiting inconsistent PAX/ustar header handling. When processing archives with PAX-extended headers containing size overrides, the parser incorrectly advances stream position based on ustar header size (often zero) instead of the PAX-specified size, causing it to interpret file content as legitimate tar headers. This issue has been patched in version 0.5.6. There are no workarounds.
CVE-2025-62518
astral-tokio-tar is a tar archive reading/writing library for async Rust. Versions of astral-tokio-tar prior to 0.5.6 contain a boundary parsing vulnerability that allows attackers to smuggle additional archive entries by exploiting inconsistent PAX/ustar header handling. When processing archives with PAX-extended headers containing size overrides, the parser incorrectly advances stream position based on ustar header size (often zero) instead of the PAX-specified size, causing it to interpret file content as legitimate tar headers. This issue has been patched in version 0.5.6. There are no workarounds.
CVE-2025-62518
astral-tokio-tar Vulnerable to PAX Header Desynchronization
CVE-2025-62518
astral-tokio-tar is a tar archive reading/writing library for async Ru ...
GHSA-j5gw-2vrg-8fgx
astral-tokio-tar Vulnerable to PAX Header Desynchronization
BDU:2025-15219
Уязвимость библиотеки для чтения/записи tar-архивов astral-tokio-tar, связанная с ошибками преобразования типов данных, позволяющая нарушителю выполнить произвольный код
openSUSE-SU-2026:20026-1
Security update for python-uv
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2025-62518 astral-tokio-tar is a tar archive reading/writing library for async Rust. Versions of astral-tokio-tar prior to 0.5.6 contain a boundary parsing vulnerability that allows attackers to smuggle additional archive entries by exploiting inconsistent PAX/ustar header handling. When processing archives with PAX-extended headers containing size overrides, the parser incorrectly advances stream position based on ustar header size (often zero) instead of the PAX-specified size, causing it to interpret file content as legitimate tar headers. This issue has been patched in version 0.5.6. There are no workarounds. | CVSS3: 8.1 | 0% Низкий | 4 месяца назад |
 | CVE-2025-62518 astral-tokio-tar is a tar archive reading/writing library for async Rust. Versions of astral-tokio-tar prior to 0.5.6 contain a boundary parsing vulnerability that allows attackers to smuggle additional archive entries by exploiting inconsistent PAX/ustar header handling. When processing archives with PAX-extended headers containing size overrides, the parser incorrectly advances stream position based on ustar header size (often zero) instead of the PAX-specified size, causing it to interpret file content as legitimate tar headers. This issue has been patched in version 0.5.6. There are no workarounds. | CVSS3: 8.1 | 0% Низкий | 4 месяца назад |
 | CVE-2025-62518 astral-tokio-tar Vulnerable to PAX Header Desynchronization | 0% Низкий | 3 месяца назад | |
| CVE-2025-62518 astral-tokio-tar is a tar archive reading/writing library for async Ru ... | CVSS3: 8.1 | 0% Низкий | 4 месяца назад |
| GHSA-j5gw-2vrg-8fgx astral-tokio-tar Vulnerable to PAX Header Desynchronization | CVSS3: 8.1 | 0% Низкий | 4 месяца назад |
 | BDU:2025-15219 Уязвимость библиотеки для чтения/записи tar-архивов astral-tokio-tar, связанная с ошибками преобразования типов данных, позволяющая нарушителю выполнить произвольный код | CVSS3: 8.1 | 0% Низкий | 4 месяца назад |
 | openSUSE-SU-2026:20026-1 Security update for python-uv | 23 дня назад |
Уязвимостей на страницу