this post was submitted on 21 Oct 2025
35 points (100.0% liked)


Going public today is CVE-2025-62518, or better known by the name given by the security researchers involved: TARmageddon. The TARmageddon vulnerability affects the popular async-tar Rust library and its various forks like tokio-tar. In turn TARmageddon impacts the uv Python package manager and other users of this library.

Edera made public today their discovery of a critical boundary-parsing bug in the async-tar Rust library and downstream forks like tokio-tar. TARmageddon is rated as a "high" severity bug and can lead to remote code execution through file overwriting attacks.

[–] StripedMonkey@lemmy.zip 7 points 3 days ago (2 children)

Phoronix comment sections never fail to be cesspools

[–] Qwel@sopuli.xyz 4 points 3 days ago (1 children)

Someone should train an llm on these guys

god no. some of the comments are so misinformed that i wonder whether they are actual software people at all.

No language can catch a logic bug.