undefined | Better HN

0 pointsDenvercoder94mo ago0 comments

> But hasn't all that foundational code been stable and wrung out already over the last 30+ years?

No: a little less than 5 years ago there was CVE-2020-27350, a memory safety bug in the tar/ar implementations.

0 comments

But just this year there was CVE-2025-62518 in tokio-tar.

j / k navigate · click thread line to collapse

0 pointsDenvercoder94mo ago0 comments

> But hasn't all that foundational code been stable and wrung out already over the last 30+ years?

No: a little less than 5 years ago there was CVE-2020-27350, a memory safety bug in the tar/ar implementations.

But just this year there was CVE-2025-62518 in tokio-tar.

j / k navigate · click thread line to collapse