GHSA-w476-p2h3-79g9: 
Python vulnerability analysis and mitigation

A vulnerability in astral-tokio-tar (versions <= 0.5.5) was discovered that allows attackers to exploit inconsistent PAX/ustar header handling in tar archives. The vulnerability, identified as GHSA-w476-p2h3-79g9, was discovered on August 21, 2025, and publicly disclosed on October 21, 2025. The issue affects multiple systems including uv package manager and various Red Hat products (GitHub Advisory).

The vulnerability stems from inconsistent handling of PAX extended headers versus ustar headers when determining file boundaries. When processing archives with PAX-extended headers containing size overrides, the parser incorrectly advances stream position based on ustar header size (often zero) instead of the PAX-specified size, causing it to interpret file content as legitimate tar headers. The vulnerability has been assigned a CVSS score of 8.1 (High) with vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N and is classified as CWE-843 (Access of Resource Using Incompatible Type) (GitHub Advisory).

The impact varies depending on implementation. For astral-tokio-tar, if used to extract untrusted inputs, it may result in unexpected attacker-controlled access to the filesystem, potentially leading to arbitrary code execution or credential exfiltration. For uv, the impact is considered low since it only processes tar archives from source distributions, which already possess full arbitrary code execution capabilities by design (GitHub Advisory).

Users are advised to upgrade to astral-tokio-tar version 0.5.6 or newer, and uv version 0.9.5 or newer to address this vulnerability. There are no alternative workarounds available other than upgrading (GitHub Advisory, GitHub Advisory).