this post was submitted on 21 Oct 2025
31 points (97.0% liked)

Rust

7444 readers
18 users here now

Welcome to the Rust community! This is a place to discuss about the Rust programming language.

Wormhole

!performance@programming.dev

Credits

  • The icon is a modified version of the official rust logo (changing the colors to a gradient and black background)

founded 2 years ago
MODERATORS
snowe@programming.dev
Ategon@programming.dev
EdTheLegendary@programming.dev
kahnclusions@programming.dev
torcherist@programming.dev
31
TARmageddon Strikes: High Profile Security Vulnerability In Popular Rust Library (www.phoronix.com)
submitted 1 week ago by cm0002@lemmy.zip to c/rust@programming.dev
4 comments fedilink hide all child comments
 

Going public today is CVE-2025-62518, or better known by the name given by the security researchers involved: TARmageddon. The TARmageddon vulnerability affects the popular async-tar Rust library and its various forks like tokio-tar. In turn TARmageddon impacts the uv Python package manager and other users of this library.

Edera made public today their discovery of a critical boundary-parsing bug in the async-tar Rust library and downstream forks like tokio-tar. TARmageddon is rated as a "high" severity bug and can lead to remote code execution through file overwriting attacks.

you are viewing a single comment's thread
view the rest of the comments
[–] MadhuGururajan@programming.dev 2 points 1 week ago

god no. some of the comments are so misinformed that i wonder whether they are actual software people at all.

No language can catch a logic bug.