CVE-2026-33055 - Vulnerability Analysis

Overview

tar-rs <= 0.4.44 contains a vulnerability caused by incorrect handling of PAX size headers in tar archives, letting attackers create archives that unpack inconsistently across parsers, exploit requires crafted archive files.

Severity & Score

Impact

Attackers can create archives that unpack differently across tools, potentially causing data integrity issues or unexpected behavior.

Mitigation

Update to version 0.4.45 or later.

References

• https://github.com/alexcrichton/tar-rs/commit/de1a5870e603758f430073688691165f21a33946
• https://github.com/alexcrichton/tar-rs/security/advisories/GHSA-gchp-q4r4-x4ff
• https://www.cve.org/CVERecord?id=CVE-2025-62518

Related Resources

• Vulnerability Intelligence Dashboard
• Credential Scanner