137 matches found
cpython: python: Extraction filter bypass for linking outside extraction directory
A flaw was found in CPython's tarfile module. This vulnerability allows bypassing of extraction filters, enabling symlink traversal outside the intended extraction directory and potential modification of file metadata via malicious tar archives using TarFile.extractall or TarFile.extract with the...
python: Python tarfile module: Denial of Service via improper EOF handling in streaming mode
A flaw was found in the Python tarfile module. When processing a specially crafted tar archive opened in 'streaming mode' mode='r|', the module does not properly handle the end-of-file EOF condition. This can cause the tarfile module to enter an infinite loop, leading to a Denial of Service DoS f...
python: Python tarfile module: Denial of Service via improper EOF handling in streaming mode
A flaw was found in the Python tarfile module. When processing a specially crafted tar archive opened in 'streaming mode' mode='r|', the module does not properly handle the end-of-file EOF condition. This can cause the tarfile module to enter an infinite loop, leading to a Denial of Service DoS f...
RockyLinux 8 : python3 (RLSA-2025:10128)
The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:10128 advisory. cpython: Tarfile extracts filtered members when errorlevel=0 CVE-2025-4435 cpython: Bypass extraction filter to modify file metadata outside extraction...
Astra Linux – Vulnerability in Python 2.7, Pypy
In Lib/tarfile.py in Python 3.8.3, an attacker can create a TAR archive that causes an infinite loop when opened using tarfile.open, due to the lack of header validation in procpax...
SUSE CVE-2025-8194
There is a defect in the CPython “tarfile” module affecting the “TarFile” extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of maliciously crafted tar archives...
ROS-20260505-73-0071
A vulnerability in the tarfile module of the Python programming language interpreter CPython is related to incorrect parsing of the file header. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20260505-73-0072
A vulnerability in the tarfile module of the Python programming language interpreter CPython is related to incorrect parsing of the file header. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: python3 (UTSA-2026-015069)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-015069 advisory. There is a defect in the CPython tarfile module affecting the TarFile extraction and entry enumeration APIs. The tar implementation would process tar archives with...
cpython: cpython: `tarfile` module misinterprets crafted tar archives leading to data integrity issues
A flaw was found in the tarfile module of cpython. This vulnerability allows a remote attacker to craft a malicious tar archive that, when processed, could be misinterpreted by the tarfile module. This misinterpretation occurs because the module incorrectly applies normalization of AREGTYPE block...
Exploit for Path Traversal in Python
CVE-2007-4559 — TarSlip: The 15-Year Directory Traversal...
cpython: cpython: `tarfile` module misinterprets crafted tar archives leading to data integrity issues
A flaw was found in the tarfile module of cpython. This vulnerability allows a remote attacker to craft a malicious tar archive that, when processed, could be misinterpreted by the tarfile module. This misinterpretation occurs because the module incorrectly applies normalization of AREGTYPE block...
NewStart CGSL MAIN 7.02 : python3.11 Vulnerability (NS-SA-2026-0034)
The remote NewStart CGSL host, running version MAIN 7.02, has python3.11 packages installed that are affected by a vulnerability: - There is a defect in the CPython tarfile module affecting the TarFile extraction and entry enumeration APIs. The tar implementation would process tar archives with...
Exploit for CVE-2025-4517
CVE-2025-4517 — Python tarfile filter="data" Bypass PoC P...
📄 Python Tarfile Bypass
This proof of concept exploit targets CVE-2025-4138, a vulnerability in Python's built-in tarfile module when extracting archives using filter="data". The issue allows a crafted archive to bypass intended path restrictions by abusing filesystem path length handling and symbolic link resolution...
Exploit for CVE-2025-4517
CVE-2025-4517 Exploit - WingData HTB NOTES This exploit an...
Exploit for CVE-2025-4138
CVE-2025-4138 Python Tarfile module Directory Traversal Vulne...
Exploit for CVE-2025-4517
CVE-2025-4517 / CVE-2025-4330 — Python tarfile Data Filter B...
Exploit for CVE-2025-4517
CVE-2025-4517-poc Here is the updated script as a Proof-of-Co...
Exploit for CVE-2025-4138
CVE-2025-4138 / CVE-2025-4517Python tarfile Filter Bypass via PA...