> But hasn't all that foundational code been stable and wrung out already over the last 30+ years?
No: a little less than 5 years ago there was CVE-2020-27350, a memory safety bug in the tar/ar implementations.
> But hasn't all that foundational code been stable and wrung out already over the last 30+ years?
No: a little less than 5 years ago there was CVE-2020-27350, a memory safety bug in the tar/ar implementations.
But just this year there was CVE-2025-62518 in tokio-tar.