#TARmageddon
TARmageddon with Alex Zenla Josh discusses the TARmageddon vulnerability with Alex Zenla, CTO of Edera. In this episode, we explore the discovery of the TARmageddon vulnerability. It’s especially interesting because it’s Rust, b...

This episode of #OpenSourceSecurity I chat with @alex.zenla.io from @edera.dev about the #TARmageddon vulnerability they found

I've coordinated a lot of vulnerabilities in my day, but never have I had to even think about something as difficult as this one

TARmageddon (CVE-2025-62518): RCE Vulnerability Highlights the Challenges of Open Source Abandonware Edera uncovers TARmageddon (CVE-2025-62518), a Rust async-tar RCE flaw exposing the real dangers of open-source abandonware and supply chain security.

🪤 TARmageddon (CVE-2025-62518): RCE Vulnerability Highlights the Challenges of Open Source Abandonware

#TARmageddon #CVE202562518 #rust #rce #cybersecurity
edera.dev/stories/tarm...

I Never Thought I’d See This YouTube video by Low Level

HAS RUST FALLEN INTO THE TAR PIT?

Rust hacked ... Tarmageddon!

#security #computer #rust #tokyo_tar #blocking_io #errtlings #bookcafe #hack #libraries #maintenance #archive_smuggling #tarmageddon #attack

www.youtube.com/watch?v=tC08...

TARmageddon (CVE-2025-62518): RCE Vulnerability Highlights the Challenges of Open Source Abandonware | Edera Blog Edera uncovers TARmageddon (CVE-2025-62518), a Rust async-tar RCE flaw exposing the real dangers of open-source abandonware and supply chain security.

Fortunately for us, #TARmageddon is a bit difficult to exploit, keeping even the worst-case CVSS base score at 8.1. Unfortunately though, there are a *lot* of forks ⑂ -- including some popular but unmaintained forks like `tokio-tar`.

Read more from Edera, who discovered the issue: buff.ly/Bo31dPj


Ready for a new Branded Vulnerability™? #TARmageddon (CVE-2025-62518) affects the #Rust ecosystem's many forks of `async-tar`; it's a parsing bug for the .tar file format that allows all kinds of shenanigans: at worst even #RCE (Remote Code Execution).
#CyberSecurity #SupplyChainSecurity #SCA


📰 TARmageddon: Critical Flaw in Neglected Rust Library Could Lead to RCE

👉 Read the full article here: ahmandonk.com/2025/10/23/tarmageddon-a...

#async-tar #cve-2025-62518 #kerentanan #open-source #rust #security #supply #chain #tarmageddon #toki


Critical flaw in async-tar Rust library (CVE-2025-62518) could lead to remote code execution. Users urged to migrate to patched versions. #CyberSecurity #RustLang #AsyncTar #TARmageddon Link: thedailytechfeed.com/critical-vul...


TARmageddon Flaw in Popular Rust Library Leads to RCE The vulnerability impacts multiple Rust tar parsers, allowing attackers to smuggle additional archive entries. The post TARmageddon Flaw in Pop...

#Vulnerabilities #Rust #TARmageddon #vulnerability


TARmageddon Flaw in Async-Tar Rust Library Could Enable Remote Code Execution reconbee.com/tarmageddon-...

#TARmageddon #Async #remotecodeexecution #RCE #Vulnerability #cybersecurity #cyberattacks


TARmageddon, critical vulnerability in tokio-tar, allows TAR desynchronization and remote RCE attacks; urgent patches released by the active Rust forks.

#edera #opensource #Rust #supplychain #TARmageddon
www.matricedigitale.it/2025/10/22/t...

Original post on chaos.social

While the bug in async-tar/tokio-tar dubbed #tarmageddon / CVE-2025-62518 is cool on a technical and code-correctness level, I'm calling bullshit on the #RCE claim. It's a severe overstatement that isn't backed by the advisory.

Processing a tar stream with a vulnerable version won't execute […]
