#Tag · bonfire.cafe

This episode of #OpenSourceSecurity I chat with Alex Zenla from Edera about the #TARmageddon vulnerability they found

I've coordinated a lot of vulnerabilities in my day, but never have I had to even think about something as difficult as this one. Alex fills us in on how it was found, what the coordination looked like, and some things to think about as we manage these incredibly complex supply chains

https://opensourcesecurity.io/2025/2025-12-tarmageddon-alex/

Josh Bressers

@joshbressers@infosec.exchange · 4 weeks ago

This episode of #OpenSourceSecurity I chat with Alex Zenla from Edera about the #TARmageddon vulnerability they found

https://opensourcesecurity.io/2025/2025-12-tarmageddon-alex/

jbz

@jbz@indieweb.social · 2 months ago

🪤 TARmageddon (CVE-2025-62518): RCE Vulnerability Highlights the Challenges of Open Source Abandonware

｢ In the worst-case scenario, this vulnerability has a severity of 8.1 (High) and can lead to Remote Code Execution (RCE) through file overwriting attacks, such as replacing configuration files or hijacking build backends ｣

https://edera.dev/stories/tarmageddon

#TARmageddon #CVE202562518 #rust #rce #cybersecurity

Jan :rust: :ferris: boosted

Thomas Gerbet

@Le_suisse@social.gerbet.me · 2 months ago

Distro maintainers working on the #Tarmageddon / #CVE_2025_62518 you might like @niklaskorz work 💚.

He started to compile a list of software that includes one of the vulnerable crates in its dependency tree, based on the current state of #nixpkgs. You might find affected packages in your own repositories.

https://github.com/NixOS/nixpkgs/issues/455265

Thomas Gerbet

@Le_suisse@social.gerbet.me · 2 months ago

Distro maintainers working on the #Tarmageddon / #CVE_2025_62518 you might like @niklaskorz work 💚.

https://github.com/NixOS/nixpkgs/issues/455265