
Critical RCE Vulnerability TARmageddon Discovered in Rust async-tar Library and Forks
A critical vulnerability named TARmageddon has been identified in the Rust async-tar library and its forks, including tokio-tar. The flaw permits remote code execution (RCE) and poses a severe risk to any system that processes tar archives with these libraries. Because async-tar is considered abandoned, no official patch is expected from its original maintainers, which makes the problem harder to remediate.

The vulnerability underscores the risks of unmaintained software components and the importance of dependency management in software development. Cybersecurity professionals are advised to identify affected libraries in their projects and patch them. Teams still using async-tar are strongly recommended to migrate to a maintained alternative. In addition, input validation and sandboxing for untrusted tar files can reduce the risk of exploitation. This incident is a reminder of the need for regular dependency audits and of the risks of relying on unmaintained software.
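The first remediation step above is finding out whether a project pulls in one of the named crates at all. The script below is an added example, not code from the article or from the async-tar or tokio-tar projects: it walks a `Cargo.lock` (standard Cargo lockfile layout, with `[[package]]` tables carrying `name` and `version` keys) and reports every entry whose crate name matches `async-tar` or `tokio-tar`, the two names the article gives. The sample lockfile it writes is constructed for the demonstration, and its version strings are placeholders, not real affected versions.

```shell
#!/bin/sh
# Added example (not from the article): scan a Cargo.lock for the crates the
# TARmageddon advisory names (async-tar and its fork tokio-tar).
# Crate names come from the article; versions in the sample are placeholders.

AFFECTED_CRATES="async-tar tokio-tar"

# Print "name version" for every [[package]] entry whose name is in AFFECTED_CRATES.
# Cargo.lock lists "name" before "version" inside each table, so we remember the
# name and emit the pair when the version line arrives.
find_tar_crates() {
    lockfile="$1"
    awk -v list="$AFFECTED_CRATES" '
        BEGIN { n = split(list, a, " "); for (i = 1; i <= n; i++) want[a[i]] = 1 }
        /^\[\[package\]\]/ { name = ""; version = "" }
        /^name = /    { gsub(/"/, "", $3); name = $3 }
        /^version = / { gsub(/"/, "", $3); version = $3
                        if (name in want) print name, version }
    ' "$lockfile"
}

# Return 0 if no affected crate is present in the lockfile, 1 otherwise.
# Suitable as a CI gate: a non-zero exit fails the pipeline.
check_lockfile() {
    hits=$(find_tar_crates "$1")
    if [ -n "$hits" ]; then
        echo "affected crates found in $1:" >&2
        echo "$hits" >&2
        return 1
    fi
    return 0
}

# Constructed sample lockfile: one unrelated crate plus both named crates.
SAMPLE_LOCK=$(mktemp)
cat > "$SAMPLE_LOCK" <<'EOF'
# This file is automatically @generated by Cargo.
version = 3

[[package]]
name = "async-tar"
version = "0.0.0-placeholder"
source = "registry+https://github.com/rust-lang/crates.io-index"

[[package]]
name = "serde"
version = "0.0.0-placeholder"
source = "registry+https://github.com/rust-lang/crates.io-index"

[[package]]
name = "tokio-tar"
version = "0.0.0-placeholder"
source = "registry+https://github.com/rust-lang/crates.io-index"
EOF

# Constructed clean lockfile with no affected crate, for comparison.
CLEAN_LOCK=$(mktemp)
cat > "$CLEAN_LOCK" <<'EOF'
version = 3

[[package]]
name = "serde"
version = "0.0.0-placeholder"
source = "registry+https://github.com/rust-lang/crates.io-index"
EOF

check_lockfile "$SAMPLE_LOCK" || true
check_lockfile "$CLEAN_LOCK" && echo "no affected crates in $CLEAN_LOCK"
```

Run it against a real project with `check_lockfile path/to/Cargo.lock`; because lockfiles record transitive dependencies, this catches the case where neither crate appears in your own `Cargo.toml` but arrives through another dependency, which is the situation a manual review most often misses.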