The vulnerability CVE-2025-62518 in `astral-tokio-tar` (the library used by uv) concerns improper handling of PAX extended headers within tar archives. PAX headers are extensions for storing additional file metadata. A maliciously crafted tar archive could contain a PAX header that specifies a file size override for an entry. The vulnerable parser would incorrectly process this header, causing it to extract the file based on the overridden size from the header rather than the size recorded in the standard tar entry header. This creates a parser differential, where the same archive extracts different file contents in `uv` compared to other tools like GNU tar that correctly prioritize the standard header information. An attacker could exploit this by creating a malicious Python source distribution package. When installed by a vulnerable version of uv, the extracted files would differ from what is seen by other installers, potentially leading to unexpected behavior during the package’s build and installation process, which already involves executing arbitrary code.
Platform: uv
Version: <=0.9.4
Vulnerability: Tar parsing
Severity: Low
Date: 2025
Prediction: Patch 2025-07-26
What Undercode Say:
`tar --list --file malicious_package.tar.gz`
`uv pip install ./malicious_package.tar.gz`
`strings malicious_package.tar.gz | grep -A 1 -B 1 "size"`
How to Exploit:
Craft a tar file with conflicting file sizes in the standard header and a PAX extended header. The vulnerable parser uses the PAX override, creating different extraction results.
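The size conflict described above and in the opening paragraph is something an installer or a CI gate can check for before extraction. The script below is an added example, not code from this post or from uv/astral-tokio-tar: it walks raw 512-byte tar blocks, remembers the `size=` record of each PAX extended header, and flags any following entry whose ustar header size disagrees. The archive bytes are constructed inline; the entry names and sizes are invented.

```python
# Added example, not code from the post or from uv/astral-tokio-tar: flag tar
# entries whose PAX "size" record disagrees with the ustar header size field.

def ustar_header(name: bytes, size: int, typeflag: bytes) -> bytes:
    """Build a 512-byte ustar header with a valid checksum."""
    hdr = bytearray(512)
    hdr[0:len(name)] = name
    hdr[100:108] = b"0000644\0"            # mode
    hdr[108:116] = b"0000000\0"            # uid
    hdr[116:124] = b"0000000\0"            # gid
    hdr[124:136] = b"%011o\0" % size       # size, octal
    hdr[136:148] = b"%011o\0" % 0          # mtime
    hdr[148:156] = b" " * 8                # checksum field counts as spaces
    hdr[156:157] = typeflag
    hdr[257:265] = b"ustar\x0000"          # magic + version
    hdr[148:156] = b"%06o\0 " % sum(hdr)
    return bytes(hdr)

def entry(name: bytes, typeflag: bytes, payload: bytes, declared: int) -> bytes:
    """Header plus payload, padded to a 512-byte block boundary."""
    return ustar_header(name, declared, typeflag) + payload + b"\0" * ((-len(payload)) % 512)

def pax_size_conflicts(data: bytes) -> list:
    """Return (name, ustar_size, pax_size) for every entry where the two disagree.
    Stream position is advanced by the ustar size; any disagreement is the red flag."""
    conflicts, pax_size, off = [], None, 0
    while off + 512 <= len(data):
        hdr = data[off:off + 512]
        if hdr == b"\0" * 512:             # end-of-archive marker
            break
        size = int(hdr[124:136].split(b"\0")[0] or b"0", 8)
        body = data[off + 512:off + 512 + size]
        off += 512 + size + (-size) % 512
        if hdr[156:157] == b"x":           # PAX extended header: "<len> key=value\n"
            for rec in body.split(b"\n"):
                kv = rec.partition(b" ")[2]
                if kv.startswith(b"size="):
                    pax_size = int(kv[5:])
            continue
        if pax_size is not None and pax_size != size:
            conflicts.append((hdr[:100].split(b"\0")[0].decode(), size, pax_size))
        pax_size = None                    # a PAX header applies to the next entry only
    return conflicts

def build_sample() -> bytes:
    """Constructed archive: PAX says size=12, the ustar header of setup.py says 5."""
    pax = entry(b"PaxHeaders/setup.py", b"x", b"11 size=12\n", 11)
    return pax + entry(b"setup.py", b"0", b"hello", 5) + entry(b"README", b"0", b"plain", 5) + b"\0" * 1024
```

Running `pax_size_conflicts(build_sample())` reports the single mismatched entry; an archive whose PAX and ustar sizes agree yields an empty list.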
Protection from this CVE
Upgrade `uv` to version 0.9.5 or later, which uses the patched version of astral-tokio-tar.
Impact:
Parser differential. Inconsistent file extraction. Low severity due to source distributions’ inherent code execution.
Sources:
Reported By: github.com