Skip to main content

Tar Rs

1 CVEs product

Monthly

CVE-2026-33055 Cargo HIGH PATCH This Week

The tar-rs Rust library versions 0.4.44 and below contain a logic flaw where PAX (POSIX.1-2001) size headers are conditionally skipped when the base tar header size is nonzero, causing the library to parse tar archives differently than other standard tar implementations like Go's archive/tar. This discrepancy allows an attacker to craft malicious tar archives that appear different when unpacked by tar-rs versus other parsers, potentially leading to information disclosure or file confusion attacks. The vulnerability affects any application using tar-rs to parse untrusted archives and expecting consistent behavior with other tar parsers, with a moderate CVSS score of 5.1 indicating low attack complexity and network accessibility.

Information Disclosure Memory Corruption Tar Rs
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
0.0%
EPSS 0% CVSS 8.1
HIGH PATCH This Week

The tar-rs Rust library versions 0.4.44 and below contain a logic flaw where PAX (POSIX.1-2001) size headers are conditionally skipped when the base tar header size is nonzero, causing the library to parse tar archives differently than other standard tar implementations like Go's archive/tar. This discrepancy allows an attacker to craft malicious tar archives that appear different when unpacked by tar-rs versus other parsers, potentially leading to information disclosure or file confusion attacks. The vulnerability affects any application using tar-rs to parse untrusted archives and expecting consistent behavior with other tar parsers, with a moderate CVSS score of 5.1 indicating low attack complexity and network accessibility.

Information Disclosure Memory Corruption Tar Rs
NVD GitHub VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy