N/A

CVSS Score

-

CVSS Score

Basic Information

CVE ID

GHSA ID

GHSA-w476-p2h3-79g9

EPSS Score

CWE

CWE-843

Published

10/21/2025

Updated

10/21/2025

KEV Status

Technology

Python

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

GHSA-w476-p2h3-79g9

GHSA-w476-p2h3-79g9: uv has differential in tar extraction with PAX headers

Impact

In versions 0.9.4 and earlier of uv, tar archives containing PAX headers with file size overrides were not handled properly. As a result, an attacker could contrive a source distribution (as a tar archive) that would extract differently when installed via uv versus other Python package installers.

The underlying parsing differential here originates with astral-tokio-tar, which disclosed this vulnerability as CVE-2025-62518.

In practice, the impact of this vulnerability is low: only source distributions can be formatted as tar archives, and source distributions execute arbitrary code at build/installation time by definition. Consequently, a parser differential in tar extraction is strictly less powerful than the capabilities already exposed to an attacker who has the ability to control source distributions.

However, this particular source of malleability in source distributions is unintentional and not operating by design, and therefore we consider it a vulnerability despite its overlap in capabilities with intended behavior.

Patches

Versions 0.9.5 and newer of uv address the vulnerability above. Users should upgrade to 0.9.5 or newer.

Workarounds

Users are advised to upgrade to version 0.9.5 or newer to address this advisory.

Users should experience no breaking changes as a result of the patch above.

References

See CVE-2025-62518 for the corresponding advisory against astral-tokio-tar

(GitHub Advisory)

Miggo Vulnerability Database

→

GHSA-w476-p2h3-79g9

GHSA-w476-p2h3-79g9:

N/A

CVSS Score

-

CVSS Score

Basic Information

CVE ID

GHSA ID

GHSA-w476-p2h3-79g9

EPSS Score

CWE

CWE-843

Published

10/21/2025

Updated

10/21/2025

KEV Status

Technology

Python

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Technical Details

CVSS Vector

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
uv	pip	<= 0.9.4	0.9.5

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability identified as GHSA-w476-p2h3-79g9 in uv is due to a flaw in a transitive dependency, the tar crate (also known as tar-rs). The vulnerability, tracked as CVE-2024-36043 in the tar crate, lies in the handling of PAX headers that override file sizes during tar extraction.

The patch for uv, seen in commit ae450662d1546e9853f67a8c61a506d3a892d963, is a dependency update. Specifically, it bumps the version of astral-tokio-tar from 0.5.5 to 0.5.6. This new version of astral-tokio-tar depends on the patched version of the tar crate (0.4.40 or newer), which contains the fix for the underlying vulnerability.

The vulnerable function is tar::Entry::read, located in src/entry.rs of the tar-rs repository. This function implements the Read trait for tar entries. During exploitation, a specially crafted tar archive with a malicious PAX header would be processed. When uv attempts to install a package from this tar archive, it would invoke the vulnerable tar::Entry::read function, leading to the incorrect extraction of the file content. Therefore, tar::Entry::read would appear in a runtime profile when the vulnerability is triggered.

Vulnerable functions

tar::Entry::read

src/entry.rs

This function is responsible for reading the data of a file from a tar archive. The vulnerability occurs when a PAX header in the archive overrides the file size. The vulnerable version of the function contained flawed logic to handle this size override, which could lead to reading an incorrect number of bytes. This could cause data from other files or metadata in the archive to be written into the extracted file, leading to a type confusion vulnerability and potentially information disclosure.

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

N/A

-

Basic Information

Basic Information

Concerned about an active attack path?

GHSA-w476-p2h3-79g9: uv has differential in tar extraction with PAX headers

Impact

Patches

Workarounds

References

GHSA-w476-p2h3-79g9:

N/A

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Basic Information

Basic Information

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

GHSA-w476-p2h3-79g9: uv has differential in tar extraction with PAX headers

Impact

Patches

Workarounds

References

Technical Details

N/A

N/A

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI