A vulnerability in the Rust library could allow attackers to steal archive entries.

The security defect is described as a desynchronization issue that occurs during the processing of nested TAR files with a specific mismatch between PAX and ustar headers. The bug could lead to remote code execution. According to Edera, the company that reported the flaw in August, the impact from this vulnerability cannot be quantified. Fixes have been provided for Astral-tokio-tar and Krata-tokio-tar, and users are being urged to switch to these patched libraries.

Read more:

https://www.securityweek.com/tarmageddon-flaw-in-popular-rust-library-leads-to-rce/