Critical Symlink Flaw in astral-tokio-tar Enables Arbitrary Directory Permission Manipulation
Two security advisories have been issued against the astral-tokio-tar Rust library, exposing vulnerabilities in version 0.6.0 that could allow attackers to manipulate directory permissions outside intended archive boundaries. The first flaw, catalogued as RUSTSEC-2026-0113, stems from the `unpack_in` API's failure to properly guard against symlink traversal, enabling malicious tar archives to modify permissions on external directories. The second, RUSTSEC-2026-0112, addresses PAX header desynchronization within the same package.
The symlink vulnerability poses a particular risk because, when an archive contains a symlink, `unpack_in` follows it while applying directory permissions, so permissions are changed on directories outside the extraction root. Individual file permissions cannot be altered through this vector, but directory permission escalation could grant unintended access or execution privileges on systems that process untrusted archives. The flaw mirrors a similar weakness previously documented in the core tar crate (GHSA-j4xf-2g29-59ph), suggesting a systemic pattern in Rust's archive handling ecosystem. Version 0.6.1 and later contain the fix.
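As an added example (not code from astral-tokio-tar or the advisories), the following plain std Rust check walks entries in archive order, records each symlink, and rejects the first entry whose resolved location leaves the extraction root; this is the class of guard that `unpack_in` was missing. It models an entry as `(path, symlink_target)` and resolves paths lexically, so it is an offline review aid for untrusted archives, not a replacement for upgrading to 0.6.1.

```rust
use std::collections::HashMap;
use std::path::{Component, Path, PathBuf};

/// Lexically resolve `path` against the extraction root, following every
/// symlink the archive has declared so far (`links`: link path -> target).
/// None means the result would lie outside the root: an absolute component,
/// `..` climbing past the root, a link aimed outside, or a link loop.
fn resolve(path: &str, links: &HashMap<PathBuf, PathBuf>, depth: u32) -> Option<PathBuf> {
    if depth > 32 { return None; } // symlink loop guard
    let mut out = PathBuf::new();
    for comp in Path::new(path).components() {
        match comp {
            Component::Normal(c) => {
                out.push(c);
                if let Some(target) = links.get(&out) {
                    // A link target is relative to the link's parent directory;
                    // `join` discards the parent entirely if the target is absolute.
                    let parent = out.parent().unwrap_or(Path::new("")).to_path_buf();
                    out = resolve(parent.join(target).to_str()?, links, depth + 1)?;
                }
            }
            Component::ParentDir => { if !out.pop() { return None; } } // `..` above root
            Component::CurDir => {}
            Component::RootDir | Component::Prefix(_) => return None,
        }
    }
    Some(out)
}

/// Entries are `(path, symlink_target)` in archive order; `None` means a
/// regular file or directory. Returns the first entry whose final location,
/// after following earlier archive symlinks, falls outside the root.
pub fn first_escaping_entry(entries: &[(&str, Option<&str>)]) -> Option<String> {
    let mut links: HashMap<PathBuf, PathBuf> = HashMap::new();
    for &(path, target) in entries {
        let resolved = match resolve(path, &links, 0) {
            Some(r) => r,
            None => return Some(path.to_string()),
        };
        if let Some(t) = target {
            links.insert(resolved, PathBuf::from(t));
            // Re-resolve through the new link so one aimed outside the root is caught now,
            // before a later directory entry could be applied through it.
            if resolve(path, &links, 0).is_none() {
                return Some(path.to_string());
            }
        }
    }
    None
}
```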
The disclosures add pressure on maintainers of projects depending on astral-tokio-tar to audit their dependency trees and apply updates. Given the library's role in Rust's async ecosystem—particularly its use within tokio-based services—downstream exposure could extend to file processing services, build systems, and deployment tooling. Security teams should verify whether their projects directly or transitively pull astral-tokio-tar and prioritize patching to 0.6.1 or higher. The identical flaw pattern across multiple crates raises questions about review standards for archive parsing libraries in memory-safe languages, where such vulnerabilities are less expected than in lower-level systems code.