Lucene search
+L

137 matches found

redhat
redhat
added last week3 views

cpython: python: Extraction filter bypass for linking outside extraction directory

A flaw was found in CPython's tarfile module. This vulnerability allows bypassing of extraction filters, enabling symlink traversal outside the intended extraction directory and potential modification of file metadata via malicious tar archives using TarFile.extractall or TarFile.extract with the...

7.5CVSS6.5AI score0.00805EPSS
Exploits2References10
redhat
redhat
added 2026/07/05 8:2 p.m.2 views

python: Python tarfile module: Denial of Service via improper EOF handling in streaming mode

A flaw was found in the Python tarfile module. When processing a specially crafted tar archive opened in 'streaming mode' mode='r|', the module does not properly handle the end-of-file EOF condition. This can cause the tarfile module to enter an infinite loop, leading to a Denial of Service DoS f...

8.2CVSS6AI score0.00433EPSS
Exploits0References7
redhat
redhat
added 2026/07/05 7:25 p.m.2 views

python: Python tarfile module: Denial of Service via improper EOF handling in streaming mode

A flaw was found in the Python tarfile module. When processing a specially crafted tar archive opened in 'streaming mode' mode='r|', the module does not properly handle the end-of-file EOF condition. This can cause the tarfile module to enter an infinite loop, leading to a Denial of Service DoS f...

8.2CVSS6AI score0.00433EPSS
Exploits0References7
nessus
nessus
added 2026/05/22 12:0 a.m.7 views

RockyLinux 8 : python3 (RLSA-2025:10128)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:10128 advisory. cpython: Tarfile extracts filtered members when errorlevel=0 CVE-2025-4435 cpython: Bypass extraction filter to modify file metadata outside extraction...

9.4CVSS7AI score0.01227EPSS
Exploits14References11
astralinux
astralinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Python 2.7, Pypy

In Lib/tarfile.py in Python 3.8.3, an attacker can create a TAR archive that causes an infinite loop when opened using tarfile.open, due to the lack of header validation in procpax...

7.5CVSS7.1AI score0.06036EPSS
Exploits0References2
susecve
susecve
added 2026/05/19 2:1 a.m.8 views

SUSE CVE-2025-8194

There is a defect in the CPython “tarfile” module affecting the “TarFile” extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of maliciously crafted tar archives...

6.5CVSS6.8AI score0.00611EPSS
Exploits0References28
redos
redos
added 2026/05/05 12:0 a.m.10 views

ROS-20260505-73-0071

A vulnerability in the tarfile module of the Python programming language interpreter CPython is related to incorrect parsing of the file header. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

7.5CVSS6.8AI score0.02203EPSS
Exploits2
redos
redos
added 2026/05/05 12:0 a.m.11 views

ROS-20260505-73-0072

A vulnerability in the tarfile module of the Python programming language interpreter CPython is related to incorrect parsing of the file header. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

7.5CVSS6.8AI score0.02203EPSS
Exploits2
nessus
nessus
added 2026/04/29 12:0 a.m.7 views

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: python3 (UTSA-2026-015069)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-015069 advisory. There is a defect in the CPython tarfile module affecting the TarFile extraction and entry enumeration APIs. The tar implementation would process tar archives with...

7.5CVSS6.8AI score0.00611EPSS
Exploits0References3
redhat
redhat
added 2026/04/28 6:40 a.m.1 views

cpython: cpython: `tarfile` module misinterprets crafted tar archives leading to data integrity issues

A flaw was found in the tarfile module of cpython. This vulnerability allows a remote attacker to craft a malicious tar archive that, when processed, could be misinterpreted by the tarfile module. This misinterpretation occurs because the module incorrectly applies normalization of AREGTYPE block...

3.3CVSS6.1AI score0.00164EPSS
Exploits0References7
githubexploit
githubexploit
added 2026/04/18 11:37 a.m.359 views

Exploit for Path Traversal in Python

CVE-2007-4559 — TarSlip: The 15-Year Directory Traversal...

9.8CVSS6.3AI score0.27095EPSS
Exploits3
redhat
redhat
added 2026/04/11 7:41 p.m.1 views

cpython: cpython: `tarfile` module misinterprets crafted tar archives leading to data integrity issues

A flaw was found in the tarfile module of cpython. This vulnerability allows a remote attacker to craft a malicious tar archive that, when processed, could be misinterpreted by the tarfile module. This misinterpretation occurs because the module incorrectly applies normalization of AREGTYPE block...

3.3CVSS6.1AI score0.00164EPSS
Exploits0References7
nessus
nessus
added 2026/03/28 12:0 a.m.2 views

NewStart CGSL MAIN 7.02 : python3.11 Vulnerability (NS-SA-2026-0034)

The remote NewStart CGSL host, running version MAIN 7.02, has python3.11 packages installed that are affected by a vulnerability: - There is a defect in the CPython tarfile module affecting the TarFile extraction and entry enumeration APIs. The tar implementation would process tar archives with...

7.5CVSS6.9AI score0.00611EPSS
Exploits0References3
githubexploit
githubexploit
added 2026/02/20 2:8 a.m.344 views

Exploit for CVE-2025-4517

CVE-2025-4517 — Python tarfile filter="data" Bypass PoC P...

9.4CVSS5.6AI score0.01227EPSS
Exploits11
packetstorm
packetstorm
added 2026/02/19 12:0 a.m.195 views

📄 Python Tarfile Bypass

This proof of concept exploit targets CVE-2025-4138, a vulnerability in Python's built-in tarfile module when extracting archives using filter="data". The issue allows a crafted archive to bypass intended path restrictions by abusing filesystem path length handling and symbolic link resolution...

7.5CVSS5.5AI score0.01149EPSS
Exploits7
githubexploit
githubexploit
added 2026/02/18 9:8 p.m.734 views

Exploit for CVE-2025-4517

CVE-2025-4517 Exploit - WingData HTB NOTES This exploit an...

9.4CVSS5.9AI score0.01227EPSS
Exploits19
githubexploit
githubexploit
added 2026/02/16 5:5 p.m.263 views

Exploit for CVE-2025-4138

CVE-2025-4138 Python Tarfile module Directory Traversal Vulne...

7.5CVSS5.6AI score0.01149EPSS
Exploits7
githubexploit
githubexploit
added 2026/02/15 7:39 p.m.243 views

Exploit for CVE-2025-4517

CVE-2025-4517 / CVE-2025-4330 — Python tarfile Data Filter B...

9.4CVSS6.9AI score0.01227EPSS
Exploits11
githubexploit
githubexploit
added 2026/02/15 12:27 p.m.257 views

Exploit for CVE-2025-4517

CVE-2025-4517-poc Here is the updated script as a Proof-of-Co...

9.4CVSS5.8AI score0.01227EPSS
Exploits11
githubexploit
githubexploit
added 2026/02/15 8:28 a.m.922 views

Exploit for CVE-2025-4138

CVE-2025-4138 / CVE-2025-4517Python tarfile Filter Bypass via PA...

9.8CVSS8.2AI score0.27095EPSS
Exploits16
Rows per page
Query Builder