
959 matches found

Amazon
added 2025/06/23 12:0 a.m., 11 views

Important: python3.11

Issue Overview: Allows modifying some file metadata e.g. last modified with filter="data" or file permissions chmod with filter="tar" of files outside the extraction directory. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using...

9.4 CVSS, 8.1 AI score, 0.01184 EPSS
Exploits: 14

Amazon
added 2025/06/23 12:0 a.m., 11 views

Important: python3.12

Issue Overview: Allows modifying some file metadata e.g. last modified with filter="data" or file permissions chmod with filter="tar" of files outside the extraction directory. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using...

9.4 CVSS, 8.1 AI score, 0.01184 EPSS
Exploits: 14

Amazon
added 2025/06/23 12:0 a.m., 7 views

Important: python3.12

Issue Overview: Allows modifying some file metadata e.g. last modified with filter="data" or file permissions chmod with filter="tar" of files outside the extraction directory. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using...

9.4 CVSS, 7.8 AI score, 0.01184 EPSS
Exploits: 14

Tenable Nessus
added 2025/06/23 12:0 a.m., 14 views

Amazon Linux 2023 : python3, python3-devel, python3-idle (ALAS2023-2025-1046)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1046 advisory. Allows modifying some file metadata e.g. last modified with filter=data or file permissions chmod with filter=tar of files outside the extraction directory. You are affected by this vulnerabili...

9.4 CVSS, 7.2 AI score, 0.01184 EPSS
Exploits: 14, References: 12

Amazon
added 2025/06/23 12:0 a.m., 5 views

Important: python3.11

Issue Overview: Allows modifying some file metadata e.g. last modified with filter="data" or file permissions chmod with filter="tar" of files outside the extraction directory. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using...

9.4 CVSS, 7.8 AI score, 0.01184 EPSS
Exploits: 14

Amazon
added 2025/06/23 12:0 a.m., 7 views

Important: python3.9

Issue Overview: Allows modifying some file metadata e.g. last modified with filter="data" or file permissions chmod with filter="tar" of files outside the extraction directory. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using...

9.4 CVSS, 7.8 AI score, 0.01184 EPSS
Exploits: 14

Tenable Nessus
added 2025/06/23 12:0 a.m., 34 views

Amazon Linux 2023 : python3.12, python3.12-devel, python3.12-idle (ALAS2023-2025-1044)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1044 advisory. Allows modifying some file metadata e.g. last modified with filter=data or file permissions chmod with filter=tar of files outside the extraction directory. You are affected by this vulnerabili...

9.4 CVSS, 7.2 AI score, 0.01184 EPSS
Exploits: 14, References: 14

SUSE Linux
added 2025/06/21 9:4 a.m., 2 views

Security update for python311

This update for python311 fixes the following issues: python311 was updated from version 3.11.10 to 3.11.13: Security issues fixed: CVE-2025-4516: Fixed blocking DecodeError handling vulnerability, which could lead to DoS bsc1243273. CVE-2024-12718, CVE-2025-4138, CVE-2025-4330, CVE-2025-4517:...

8.4 CVSS, 6.1 AI score, 0.01184 EPSS
Exploits: 14, References: 22

OSV
added 2025/06/21 9:4 a.m., 6 views

SUSE-SU-2025:02057-1 Security update for python311

This update for python311 fixes the following issues: python311 was updated from version 3.11.10 to 3.11.13: - Security issues fixed: CVE-2025-4516: Fixed blocking DecodeError handling vulnerability, which could lead to DoS bsc1243273. CVE-2024-12718, CVE-2025-4138, CVE-2025-4330, CVE-2025-4517:...

9.4 CVSS, 6.6 AI score, 0.01184 EPSS
Exploits: 14, References: 12

OSV
added 2025/06/20 12:41 p.m., 6 views

SUSE-SU-2025:02050-1 Security update for python39

This update for python39 fixes the following issues: python39 was updated from version 3.9.21 to version 3.9.23: - Security issues fixed: CVE-2025-4516: Fixed blocking DecodeError handling vulnerability, which could lead to DoS bsc1243273 CVE-2024-12718, CVE-2025-4138, CVE-2025-4330, CVE-2025-451...

9.4 CVSS, 9.4 AI score, 0.01184 EPSS
Exploits: 14, References: 13

SUSE Linux
added 2025/06/20 12:41 p.m., 2 views

Security update for python311

This update for python311 fixes the following issues: python311 was updated from version 3.11.10 to 3.11.13: Security issues fixed: CVE-2025-4516: Fixed blocking DecodeError handling vulnerability, which could lead to DoS bsc1243273. CVE-2024-12718, CVE-2025-4138, CVE-2025-4330, CVE-2025-4517:...

8.4 CVSS, 6.1 AI score, 0.01184 EPSS
Exploits: 14, References: 22

SUSE Linux
added 2025/06/20 12:40 p.m., 4 views

Security update for python312

This update for python312 fixes the following issues: python312 was updated from version 3.12.9 to 3.12.11: Security issues fixed: CVE-2025-4516: Fixed blocking DecodeError handling vulnerability, which could lead to DoS bsc1243273 CVE-2024-12718, CVE-2025-4138, CVE-2025-4330, CVE-2025-4517: Fixe...

8.4 CVSS, 6.2 AI score, 0.01184 EPSS
Exploits: 14, References: 20

SUSE Linux
added 2025/06/20 12:40 p.m., 3 views

Security update for python310

This update for python310 fixes the following issues: python310 was updated from version 3.10.16 to 3.10.18: Security issues fixed: CVE-2025-4516: Fixed blocking DecodeError handling vulnerability, which could lead to DoS bsc1243273 CVE-2024-12718, CVE-2025-4138, CVE-2025-4330, CVE-2025-4517: Fix...

8.4 CVSS, 6.1 AI score, 0.01184 EPSS
Exploits: 14, References: 24

Tenable Nessus
added 2025/06/16 12:0 a.m., 4 views

TencentOS Server 4: python3.11 (TSSA-2024:0417)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0417 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

7.5 CVSS, 6.9 AI score, 0.02203 EPSS
Exploits: 2, References: 2

Tenable Nessus
added 2025/06/16 12:0 a.m., 2 views

TencentOS Server 2: python3 (TSSA-2025:0171)

The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0171 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities:...

7.5 CVSS, 6.9 AI score, 0.02203 EPSS
Exploits: 2, References: 2

Tenable Nessus
added 2025/06/16 12:0 a.m., 5 views

TencentOS Server 3: python3.11 (TSSA-2024:0800)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0800 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

7.5 CVSS, 6.9 AI score, 0.02203 EPSS
Exploits: 2, References: 2

Tenable Nessus
added 2025/06/16 12:0 a.m., 11 views

TencentOS Server 3: python3.11-pip (TSSA-2023:0278)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2023:0278 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

9.8 CVSS, 7.8 AI score, 0.27095 EPSS
Exploits: 4, References: 2

Tenable Nessus
added 2025/06/14 12:0 a.m., 3 views

Fedora 42 : python3.12 (2025-41dc96c19a)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-41dc96c19a advisory. Update to 3.12.11. - gh-135034: CVE 2024-12718 CVE 2025-4138 CVE 2025-4330 CVE 2025-4435 CVE 2025-4517 Fixes multiple issues that allowed tarfile extraction...

5.6 AI score
Exploits: 0, References: 1

BDU FSTEC
added 2025/06/09 12:0 a.m., 2 views

The vulnerability of the TarFile.extractall() and TarFile.extract() functions in the tarfile module of the Python programming language interpreter (CPython) allows attackers to write arbitrary files.

The vulnerability of the TarFile.extractall and TarFile.extract functions in the tarfile module of the CPython interpreter is related to an incorrect path name limitation for restricted access directories when processing the filter= parameter with a value of data or tar. Exploiting this...

9.7 CVSS, 6.6 AI score, 0.01184 EPSS
Exploits: 11, References: 28, Affected Software: 16

RedhatCVE
added 2025/06/05 1:21 p.m., 15 views

CVE-2025-4138

A flaw was found in the Python tarfile module. This vulnerability allows attackers to bypass extraction filters, enabling symlink targets to escape the destination directory and allowing unauthorized modification of file metadata via the use of TarFile.extract or TarFile.extractall with the filte...

7.5 CVSS, 7.3 AI score, 0.01109 EPSS
Exploits: 7, References: 9