132 matches found
RockyLinux 8 : python3 (RLSA-2025:10128)
The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:10128 advisory. cpython: Tarfile extracts filtered members when errorlevel=0 CVE-2025-4435 cpython: Bypass extraction filter to modify file metadata outside extraction...
SUSE CVE-2025-8194
There is a defect in the CPython “tarfile” module affecting the “TarFile” extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of maliciously crafted tar archives...
ROS-20260505-73-0071
A vulnerability in the tarfile module of the Python programming language interpreter CPython is related to incorrect parsing of the file header. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20260505-73-0072
A vulnerability in the tarfile module of the Python programming language interpreter CPython is related to incorrect parsing of the file header. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
Astra Linux - vulnerability in python2.7, pypy
In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation...
Astra Linux - vulnerability in python2.7, python3.11, python3.7
There is a defect in the CPython “tarfile” module that affects the “TarFile” extraction and entry enumeration APIs. The tar implementation processes tar archives with negative offsets without errors, which can lead to an infinite loop and deadlock during the parsing of maliciously crafted tar...
Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: python3 (UTSA-2026-015069)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-015069 advisory. There is a defect in the CPython tarfile module affecting the TarFile extraction and entry enumeration APIs. The tar implementation would process tar archives with...
Exploit for Path Traversal in Python
CVE-2007-4559 — TarSlip: The 15-Year Directory Traversal...
NewStart CGSL MAIN 7.02 : python3.11 Vulnerability (NS-SA-2026-0034)
The remote NewStart CGSL host, running version MAIN 7.02, has python3.11 packages installed that are affected by a vulnerability: - There is a defect in the CPython tarfile module affecting the TarFile extraction and entry enumeration APIs. The tar implementation would process tar archives with...
Exploit for CVE-2025-4517
CVE-2025-4517 — Python tarfile filter="data" Bypass PoC P...
📄 Python Tarfile Bypass
This proof of concept exploit targets CVE-2025-4138, a vulnerability in Python's built-in tarfile module when extracting archives using filter="data". The issue allows a crafted archive to bypass intended path restrictions by abusing filesystem path length handling and symbolic link resolution...
Exploit for CVE-2025-4517
CVE-2025-4517 Exploit - WingData HTB NOTES This exploit an...
Exploit for CVE-2025-4138
CVE-2025-4138 Python Tarfile module Directory Traversal Vulne...
Exploit for CVE-2025-4517
CVE-2025-4517 / CVE-2025-4330 — Python tarfile Data Filter B...
Exploit for CVE-2025-4517
CVE-2025-4517-poc Here is the updated script as a Proof-of-Co...
Exploit for CVE-2025-4138
CVE-2025-4138 / CVE-2025-4517 Python tarfile Filter Bypass via PA...
Siemens SCALANCE and RUGGEDCOM Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CVE-2025-4517)
Allows arbitrary filesystem writes outside the extraction directory during extraction with filter=data. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or TarFile.extract using the filter= parameter with a value of data or...
BIT-PYTHON-MIN-2007-4559
Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267...
Huawei EulerOS: Security Advisory for python3 (EulerOS-SA-2026-1141)
The remote host is missing an update for the Huawei EulerOS...
MiracleLinux 8 : python3.11-3.11.10-1.el8_10 (AXSA:2024-8969:25)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8969:25 advisory. python: cpython: tarfile: ReDos via excessive backtracking while parsing header values CVE-2024-6232 Tenable has extracted the preceding description block...