Lucene search

959 matches found

F5 Networks
added 2025/02/14 5:30 p.m., 14 views

K000149808: Python tarfile vulnerability CVE-2007-4559

Security Advisory Description: Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267...

CVSS 9.8, AI score 7, EPSS 0.27095
Exploits: 3

Amazon
added 2025/02/05 12:0 a.m., 5 views

Medium: python3.11

Issue Overview: Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267. CVE-2007-4559...

CVSS 9.8, AI score 8.1, EPSS 0.27095
Exploits: 5

BDU FSTEC
added 2025/01/21 12:0 a.m., 3 views

The vulnerability of the tarfile.extractall method in the TrueNAS CORE operating system allows a hacker to execute arbitrary code.

The vulnerability of the tarfile.extractall method in the TrueNAS CORE operating system is related to an incorrect limitation on the path name for the restricted access directory. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...

CVSS 7.5, AI score 7.6, EPSS 0.01599
Exploits: 0, References: 5, Affected Software: 1

OSV
added 2025/01/17 3:5 p.m., 12 views

BIT-PYTHON-MIN-2024-6232 Regular-expression DoS when parsing TarFile headers

There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives...

CVSS 7.5, AI score 7.8, EPSS 0.02203
Exploits: 2, References: 14

Positive Technologies
added 2025/01/01 12:0 a.m., 3 views

PT-2025-39265

Name of the Vulnerable Software and Affected Versions: pip affected versions not specified Description: An issue exists in pip where it may not properly check symbolic links when extracting tar archives if the tarfile module does not implement PEP 706. This can occur when using Python versions that...

CVSS 6.1, AI score 6.8, EPSS 0.00476
Exploits: 0, References: 29

OSV
added 2024/12/30 9:15 p.m., 1 views

CVE-2024-11944

iXsystems TrueNAS CORE tarfile.extractall Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of iXsystems TrueNAS devices. Authentication is not required to exploit this vulnerability. T...

CVSS 8.8, AI score 5.8
Exploits: 0, References: 2

Prion
added 2024/12/30 9:15 p.m., 8 views

CVE-2024-11944

iXsystems TrueNAS CORE tarfile.extractall Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of iXsystems TrueNAS devices. Authentication is not required to exploit this vulnerability. T...

EPSS 0.01599
Exploits: 0, References: 2

CVE
added 2024/12/30 8:12 p.m., 96 views

CVE-2024-11944

CVE-2024-11944 affects iXsystems TrueNAS CORE (tarfile.extractall). The flaw is lack of validation of a user-supplied path in tarfile.extractall, enabling directory traversal and remote code execution with root privileges on affected installations, exploitable by network-adjacent attacker without...

CVSS 8.8, AI score 7.9, EPSS 0.01599
Exploits: 0, References: 2, Affected Software: 1

CNNVD
added 2024/12/30 12:0 a.m., 3 views

iXsystems TrueNAS CORE path traversal vulnerability

iXsystems TrueNAS CORE is an open source storage software from iXsystems. A path traversal vulnerability exists in iXsystems TrueNAS CORE version 13.3-RELEASE, which stems from a lack of proper validation of user-supplied paths in the tarfile.extractall method, which could lead to directory...

CVSS 8.8, AI score 7.9, EPSS 0.01599
Exploits: 0, References: 3

Amazon
added 2024/12/12 12:0 a.m., 8 views

Important: python3.9

Issue Overview: Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267. CVE-2007-4559...

CVSS 9.8, AI score 8.3, EPSS 0.27095
Exploits: 8

Tenable Nessus
added 2024/12/11 12:0 a.m., 14 views

Amazon Linux 2023 : python3, python3-devel, python3-idle (ALAS2023-2024-770)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-770 advisory. There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted...

CVSS 7.5, AI score 6.9, EPSS 0.02203
Exploits: 2, References: 4

Positive Technologies
added 2024/11/27 12:0 a.m., 3 views

PT-2024-10212 · Ixsystems · Truenas Core

Name of the Vulnerable Software and Affected Versions: iXsystems TrueNAS CORE versions prior to 13.0-U6.3 Description: The issue is related to the tarfile.extractall method, which lacks proper validation of a user-supplied path prior to using it in file operations. This allows network-adjacent...

CVSS 8.8, AI score 7.7, EPSS 0.01599
Exploits: 0, References: 18

AstraLinux
added 2024/11/23 3:4 a.m., 7 views

Astra Linux – Vulnerability in Python 3.11

There is a medium-severity vulnerability affecting CPython. Regular expressions that allow excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS through specifically crafted tar archives...

CVSS 7.5, AI score 6.7, EPSS 0.02203
Exploits: 2, References: 3

OSV
added 2024/11/19 2:31 p.m., 9 views

USN-7015-5 python2.7 vulnerabilities

USN-7015-1 fixed several vulnerabilities in Python. This update provides the corresponding update for CVE-2024-6232 and CVE-2024-6923 for python2.7 in Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. Original advisory details: It was discovered that the...

CVSS 7.5, AI score 6.8, EPSS 0.02203
Exploits: 2, References: 3

Amazon
added 2024/11/15 12:0 a.m., 31 views

Important: python3

Issue Overview: There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives. CVE-2024-6232 Affected Packages: python3 Note: This advisory is...

CVSS 7.5, AI score 8.1, EPSS 0.02203
Exploits: 2

Amazon
added 2024/11/14 12:0 a.m., 2 views

Important: python3.11

Issue Overview: There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives. CVE-2024-6232 Affected Packages: python3.11 Issue Correction: Ru...

CVSS 7.5, AI score 6.9, EPSS 0.02203
Exploits: 2

Amazon
added 2024/11/14 12:0 a.m., 4 views

Important: python3.11

Issue Overview: There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives. CVE-2024-6232 Affected Packages: python3.11 Issue Correction: Ru...

CVSS 7.5, AI score 9.7, EPSS 0.02203
Exploits: 2

Amazon
added 2024/11/13 12:0 a.m., 6 views

Important: python38

Issue Overview: Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267. CVE-2007-4559...

CVSS 9.8, AI score 7.2, EPSS 0.27095
Exploits: 7

RedHat Linux
added 2024/11/12 10:30 a.m., 3 views

python: cpython: tarfile: ReDos via excessive backtracking while parsing header values

A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive...

CVSS 7.5, AI score 7.2, EPSS 0.02203
Exploits: 2, References: 7

RedHat Linux
added 2024/11/12 10:30 a.m., 13 views

Moderate: Red Hat Security Advisory: python3.9 security update

An update for python3.9 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...

CVSS 7.5, AI score 6.8, EPSS 0.02203
Exploits: 2, References: 2