Lucene search

958 matches found

Debian CVE
added 2026/03/12 5:59 p.m. | 6 views

CVE-2025-13462

The "tarfile" module would still apply normalization of AREGTYPE \x00 blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPELONGNAME or GNUTYPELONGLINK. This could result in a crafted tar archive being misinterpreted by the tarfile module compared to other implementations...

CVSS 3.3 | AI score 5.2 | EPSS 0.00164
Exploits: 0

OSV
added 2026/03/12 5:59 p.m. | 6 views

PSF-2026-10

The "tarfile" module would still apply normalization of AREGTYPE \x00 blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPELONGNAME or GNUTYPELONGLINK. This could result in a crafted tar archive being misinterpreted by the tarfile module compared to other implementations...

CVSS 3.3 | AI score 5.8 | EPSS 0.00164
Exploits: 0 | References: 9

CVE
added 2026/03/12 5:59 p.m. | 77 views

CVE-2025-13462

CVE-2025-13462 concerns the Python tarfile module: it would normalize AREGTYPE (\x00) blocks to DIRTYPE even when processing GNU LONGNAME/LONGLINK multiblock members, which could cause a crafted tar archive to be interpreted differently from other implementations. Affected stack/impact are descri...

CVSS 3.3 | AI score 5.8 | EPSS 0.00164
Exploits: 0 | References: 9 | Affected Software: 1

Tenable Nessus
added 2026/03/09 12:00 a.m. | 3 views

Oracle Linux 7 : python3 (ELSA-2026-2713)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-2713 advisory. - Security update CVE-2025-12084 Orabug: 38971895 - tarfile now validates archives to ensure member offsets are non-negative Orabug: 38442771 CVE-2025-8194 - Fix...

CVSS 7.5 | AI score 6.8 | EPSS 0.02203
Exploits: 2 | References: 2

Oracle Linux
added 2026/03/09 12:00 a.m. | 7 views

python3 security update

3.6.8-21.0.7 - Security update CVE-2025-12084 Orabug: 38971895 3.6.8-21.0.5 - tarfile now validates archives to ensure member offsets are non-negative Orabug: 38442771 CVE-2025-8194 3.6.8-21.0.3 - Fix DoS parsing crafted tarfile headers Orabug: 37626372 CVE-2024-6232 - Disable testsocket in the PGO...

CVSS 6.3 | AI score 5.8 | EPSS 0.02203
Exploits: 2

OSV
added 2026/03/06 3:26 p.m. | 5 views

CLSA-2026-1772810768 python3: Fix of CVE-2025-8194

CVE-2025-8194: tarfile: validate archives to ensure non-negative member offsets to prevent infinite loop and resource exhaustion...

CVSS 7.5 | AI score 7.1 | EPSS 0.00586
Exploits: 0 | References: 1

OSV
added 2026/03/04 5:30 p.m. | 5 views

CLSA-2026-1772577130 python: Fix of CVE-2025-8194

CVE-2025-8194: tarfile now validates archives to ensure member offsets are non-negative...

CVSS 7.5 | AI score 5.8 | EPSS 0.00586
Exploits: 0 | References: 1

CloudLinux
added 2026/03/04 5:30 p.m. | 5 views

python: Fix of CVE-2025-8194

CVE-2025-8194: tarfile now validates archives to ensure member offsets are non-negative...

CVSS 7.5 | AI score 7.2 | EPSS 0.00586
Exploits: 0

OSV
added 2026/03/03 10:22 p.m. | 5 views

CLSA-2026-1772576551 python: Fix of CVE-2025-8194

CVE-2025-8194: tarfile now validates archives to ensure member offsets are non-negative...

CVSS 7.5 | AI score 5.8 | EPSS 0.00586
Exploits: 0 | References: 1

Snyk
added 2026/03/03 5:46 p.m. | 2 views

Symlink Attack

Overview bentoml is a BentoML: Build Production-Grade AI Applications Affected versions of this package are vulnerable to Symlink Attack in the safeextracttarfile function. An attacker can overwrite arbitrary files on the host filesystem, potentially leading to remote code execution, by crafting ...

CVSS 8.8 | AI score 6.1 | EPSS 0.00257
Exploits: 1 | References: 3

OSV
added 2026/03/03 5:46 p.m. | 2 views

GHSA-M6W7-QV66-G3MF BentoML Vulnerable to Arbitrary File Write via Symlink Path Traversal in Tar Extraction

Arbitrary File Write via Symlink Path Traversal in Tar Extraction Summary The safeextracttarfile function validates that each tar member's path is within the destination directory, but for symlink members it only validates the symlink's own path, not the symlink's target. An attacker can create a...

CVSS 8.6 | AI score 6.5 | EPSS 0.00257
Exploits: 1 | References: 4

CNNVD
added 2026/03/03 12:00 a.m. | 3 views

BentoML Link Following Vulnerability

BentoML is an open-source model service library developed by BentoML. It is used to build high-performance and scalable artificial intelligence applications using Python. Prior to BentoML 1.4.36, there was a post-link vulnerability. This vulnerability stemmed from the safeextracttarfile function,...

CVSS 8.6 | AI score 6.1 | EPSS 0.00257
Exploits: 1 | References: 2

GithubExploit
added 2026/02/20 2:08 a.m. | 265 views

Exploit for CVE-2025-4517

CVE-2025-4517 — Python tarfile filter="data" Bypass PoC P...

CVSS 9.4 | AI score 5.6 | EPSS 0.01184
Exploits: 11

Packet Storm
added 2026/02/19 12:00 a.m. | 159 views

Python Tarfile Bypass

This proof of concept exploit targets CVE-2025-4138, a vulnerability in Python's built-in tarfile module when extracting archives using filter="data". The issue allows a crafted archive to bypass intended path restrictions by abusing filesystem path length handling and symbolic link resolution...

CVSS 7.5 | AI score 5.5 | EPSS 0.01109
Exploits: 7

GithubExploit
added 2026/02/18 9:08 p.m. | 603 views

Exploit for CVE-2025-4517

CVE-2025-4517 Exploit - WingData HTB NOTES This exploit an...

CVSS 9.4 | AI score 5.9 | EPSS 0.01184
Exploits: 19

GithubExploit
added 2026/02/18 9:26 a.m. | 338 views

Exploit for CVE-2025-4517

This script is a weaponized version of the research published in...

CVSS 9.4 | AI score 5.7 | EPSS 0.02203
Exploits: 12

OSV
added 2026/02/17 9:03 a.m. | 13 views

RLSA-2023:7050 Moderate: python38:3.8 and python38-devel:3.8 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

CVSS 6.1 | AI score 8.4 | EPSS 0.27095
Exploits: 4 | References: 3

OSV
added 2026/02/17 9:03 a.m. | 10 views

RLSA-2023:7034 Moderate: python39:3.9 and python39-devel:3.9 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

CVSS 6.1 | AI score 5.5 | EPSS 0.27095
Exploits: 4 | References: 3

Rockylinux
added 2026/02/17 9:03 a.m. | 7 views

python38:3.8 and python38-devel:3.8 security update

An update is available for module.modwsgi, module.python-psutil, python-packaging, module.Cython, module.python3x-setuptools, module.python-wcwidth, module.python-ply, python-psycopg2, python-psutil, python-chardet, module.python-pluggy, python-lxml, python-pysocks, python-wcwidth, python-pluggy,...

CVSS 9.8 | AI score 8.4 | EPSS 0.27095
Exploits: 4

Rockylinux
added 2026/02/17 9:03 a.m. | 8 views

python39:3.9 and python39-devel:3.9 security update

An update is available for module.modwsgi, module.python-psutil, python-packaging, module.Cython, module.python-iniconfig, module.python-wcwidth, module.python-ply, python-psutil, python-chardet, module.python-pluggy, python-lxml, python-pysocks, python-wcwidth, python-pluggy, module.python-attrs...

CVSS 9.8 | AI score 8.4 | EPSS 0.27095
Exploits: 4