Thursday September 10, 2026 14:35 - 15:15 EDT
What happens when several people create popular forks of a Rust project and then a vulnerability impacts all of them? When we found a parsing vulnerability in tokio-tar, dubbed TARmageddon, we discovered how a simple oversight in TAR parsing logic can yield dangerous behavior... and then we discovered the widespread impact. We’ll walk through this vulnerability and how the responsible disclosure ended up being sent to four different projects. We’ll look at how this disclosure became a scavenger hunt for maintainer email addresses, popular forks, and dependent projects.

We'll then evaluate why this kind of forking might be more common in Rust and how the synchronous/asynchronous divide can result in disparate forks of Rust projects, exploring methodologies to eliminate async/sync separation in common libraries.
Speakers
Alex Zenla

CTO, Edera
Alex is a Founder & CTO at Edera, building technology for securing containers using hypervisors in Rust. She has contributed to many open source projects including Chromium, Chromium OS, Dart, and Ubuntu, some as early as 11 years old. Alex started in the corporate world at the age...
Palais des Congrès de Montréal
