959 matches found
SUSE-SU-2025:20492-1 Security update for python311
This update for python311 fixes the following issues: - CVE-2025-6069: Avoid worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser bsc1244705. Update to 3.11.13: - Security - gh-135034: Fixes multiple issues that allowed tarfile extraction filters...
Arbitrary writes via tarfile realpath overflow
...
BIT-PYTHON-MIN-2025-4517 Arbitrary writes via tarfile realpath overflow
Allows arbitrary filesystem writes outside the extraction directory during extraction with filter="data". You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or TarFile.extract using the filter= parameter with a value of...
BIT-PYTHON-2025-4517 Arbitrary writes via tarfile realpath overflow
Allows arbitrary filesystem writes outside the extraction directory during extraction with filter="data". You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or TarFile.extract using the filter= parameter with a value of...
BIT-PYTHON-MIN-2025-4435 Tarfile extracts filtered members when errorlevel=0
When using a TarFile.errorlevel = 0 and extracting with a filter the documented behavior is that any filtered members would be skipped and not extracted. However the actual behavior of TarFile.errorlevel = 0 in affected versions is that the member would still be extracted and not skipped...
BIT-PYTHON-2025-4435 Tarfile extracts filtered members when errorlevel=0
When using a TarFile.errorlevel = 0 and extracting with a filter the documented behavior is that any filtered members would be skipped and not extracted. However the actual behavior of TarFile.errorlevel = 0 in affected versions is that the member would still be extracted and not skipped...
BIT-PYTHON-MIN-2025-4138 Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory
Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or...
BIT-PYTHON-2025-4138 Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory
Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or...
BIT-PYTHON-MIN-2024-12718 Bypass extraction filter to modify file metadata outside extraction directory
Allows modifying some file metadata e.g. last modified with filter="data" or file permissions chmod with filter="tar" of files outside the extraction directory. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or...
BIT-PYTHON-2024-12718 Bypass extraction filter to modify file metadata outside extraction directory
Allows modifying some file metadata e.g. last modified with filter="data" or file permissions chmod with filter="tar" of files outside the extraction directory. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or...
cpython: python: Bypass extraction filter to modify file metadata outside extraction directory
A flaw was found in CPython's tarfile module. This vulnerability allows modification of file metadata, such as timestamps or permissions, outside the intended extraction directory via maliciously crafted tar archives using the filter="data" or filter="tar" extraction filters...
cpython: python: Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory
A flaw was found in the Python tarfile module. This vulnerability allows attackers to bypass extraction filters, enabling symlink targets to escape the destination directory and allowing unauthorized modification of file metadata via the use of TarFile.extract or TarFile.extractall with the filte...
python: cpython: Arbitrary writes via tarfile realpath overflow
A flaw was found in the CPython tarfile module. This vulnerability allows arbitrary filesystem writes outside the extraction directory via extracting untrusted tar archives using the TarFile.extractall or TarFile.extract methods with the extraction filter parameter set to "data" or "tar"...
cpython: python: Extraction filter bypass for linking outside extraction directory
A flaw was found in CPython's tarfile module. This vulnerability allows bypassing of extraction filters, enabling symlink traversal outside the intended extraction directory and potential modification of file metadata via malicious tar archives using TarFile.extractall or TarFile.extract with the...
cpython: python: Bypass extraction filter to modify file metadata outside extraction directory
A flaw was found in CPython's tarfile module. This vulnerability allows modification of file metadata, such as timestamps or permissions, outside the intended extraction directory via maliciously crafted tar archives using the filter="data" or filter="tar" extraction filters...
cpython: python: Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory
A flaw was found in the Python tarfile module. This vulnerability allows attackers to bypass extraction filters, enabling symlink targets to escape the destination directory and allowing unauthorized modification of file metadata via the use of TarFile.extract or TarFile.extractall with the filte...
python: cpython: Arbitrary writes via tarfile realpath overflow
A flaw was found in the CPython tarfile module. This vulnerability allows arbitrary filesystem writes outside the extraction directory via extracting untrusted tar archives using the TarFile.extractall or TarFile.extract methods with the extraction filter parameter set to "data" or "tar"...
cpython: Tarfile extracts filtered members when errorlevel=0
A flaw was found in CPython's tarfile module. This vulnerability allows unauthorized file extraction via crafted tar archives when TarFile.errorlevel=0, bypassing expected filtering mechanisms...
cpython: python: Extraction filter bypass for linking outside extraction directory
A flaw was found in CPython's tarfile module. This vulnerability allows bypassing of extraction filters, enabling symlink traversal outside the intended extraction directory and potential modification of file metadata via malicious tar archives using TarFile.extractall or TarFile.extract with the...
cpython: python: Bypass extraction filter to modify file metadata outside extraction directory
A flaw was found in CPython's tarfile module. This vulnerability allows modification of file metadata, such as timestamps or permissions, outside the intended extraction directory via maliciously crafted tar archives using the filter="data" or filter="tar" extraction filters...