958 matches found
SUSE-SU-2023:2778-1 Security update for python311
This update for python311 fixes the following issues: - CVE-2007-4559: Fixed filter for tarfile.extractall (bsc#1203750)...
SUSE-SU-2023:2517-1 Security update for python3
This update for python3 fixes the following issues: - CVE-2007-4559: Fixed filter for tarfile.extractall (bsc#1203750). - Fixed unittest.mock.patch.dict returns function when applied to coroutines (bsc#1211158)...
dotnet: Elevation of privilege - TarFile.ExtractToDirectory ignores extraction directory argument
A vulnerability was found in dotnet. This issue can cause an elevation of privilege when the TarFile.ExtractToDirectory ignores the extraction directory argument...
CVE-2023-32032
A vulnerability was found in dotnet. This issue can cause an elevation of privilege when the TarFile.ExtractToDirectory ignores the extraction directory argument...
SUSE-SU-2023:2473-1 Security update for python36
This update for python36 fixes the following issues: - CVE-2007-4559: Fixed filter for tarfile.extractall (bsc#1203750). - Fixed unittest.mock.patch.dict returns function when applied to coroutines (bsc#1211158)...
SUSE-SU-2023:2463-1 Security update for python310
This update for python310 fixes the following issues: - CVE-2007-4559: Fixed filter for tarfile.extractall (bsc#1203750)...
Debian dla-3432 : idle-python2.7 - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the DLA-3432 advisory (Debian LTS Advisory DLA-3432-1)...
mindsdb arbitrary file write when extracting a remotely retrieved Tarball
Summary: An unsafe extraction is performed with tarfile.extractall on a remotely retrieved tarball, which may lead to the extracted files being written to an unintended location. The vulnerability is sometimes called TarSlip, a variant of ZipSlip. Details: I commented the following...
PT-2023-22817 · Mindsdb +1 · Mindsdb +1
Name of the Vulnerable Software and Affected Versions: mindsdb versions prior to 23.2.1.0 Description: The issue is related to an unsafe extraction performed using tarfile.extractall from a remotely retrieved tarball, which may lead to the writing of extracted files to an unintended location. Thi...
K78284681: Python tarfile library vulnerability CVE-2019-20907
Security Advisory Description: In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation (CVE-2019-20907). Impact: A user-created custom Python script utilizing the Python...
SUSE CVE-2007-4559
Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267...
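The TarSlip entries above (mindsdb, GuardDog) and the CVE-2007-4559 description all describe the same pattern: tarfile.extract/extractall joins the member name onto the destination directory without checking that the result stays inside it. The Python updates listed on this page ship the PEP 706 extraction filters as the fix. The following is an added example, not code from any of the advisories or projects listed here: it builds a traversal archive in memory, reproduces the unchecked extraction inside a throwaway directory, and contrasts it with a manual per-member check (for interpreters that lack the filters) and with filter="data". The member names, directory layout and helper names are constructed for the demonstration.

```python
"""Constructed TarSlip demonstration: vulnerable extraction vs. two hardened
paths. Nothing here is taken from the advisories on this page."""
import io
import os
import tarfile
import tempfile

# Constructed sample archive contents: one benign member, one that climbs out.
BENIGN = {"README.txt": b"benign\n"}
TARSLIP = {"README.txt": b"benign\n", "../../escaped.txt": b"outside\n"}


def build_archive(members: dict) -> bytes:
    """Write an uncompressed tar in memory; names are stored exactly as given."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, payload in members.items():
            info = tarfile.TarInfo(name)
            info.size = len(payload)
            tar.addfile(info, io.BytesIO(payload))
    return buf.getvalue()


def _open(data: bytes) -> tarfile.TarFile:
    return tarfile.open(fileobj=io.BytesIO(data), mode="r")


def _legacy_kwargs() -> dict:
    # On interpreters that already ship PEP 706 filters, ask for the legacy
    # behaviour explicitly so the pre-fix result is reproduced (3.14 defaults
    # to "data"); older interpreters do not accept the keyword at all.
    return {"filter": "fully_trusted"} if hasattr(tarfile, "data_filter") else {}


def extract_legacy(data: bytes, dest: str) -> None:
    """The CVE-2007-4559 pattern: member names are trusted as-is."""
    with _open(data) as tar:
        tar.extractall(dest, **_legacy_kwargs())


def _inside(base: str, candidate: str) -> bool:
    """True when candidate resolves to base itself or to something beneath it."""
    base = os.path.realpath(base)
    candidate = os.path.realpath(candidate)
    return os.path.commonpath([base, candidate]) == base


def extract_checked(data: bytes, dest: str) -> list:
    """Manual hardening for Pythons without tarfile filters: validate every
    member before anything is written. Rejects absolute names, '..' escapes,
    device nodes, and links whose target would land outside dest."""
    with _open(data) as tar:
        members = tar.getmembers()
        for m in members:
            target = os.path.join(dest, m.name)
            if os.path.isabs(m.name) or not _inside(dest, target):
                raise ValueError(f"path traversal blocked: {m.name!r}")
            if m.isdev():
                raise ValueError(f"device node refused: {m.name!r}")
            if m.issym() or m.islnk():
                # symlink targets are relative to the member's own directory,
                # hard-link targets are relative to the archive root
                link_base = os.path.dirname(target) if m.issym() else dest
                if os.path.isabs(m.linkname) or not _inside(dest, os.path.join(link_base, m.linkname)):
                    raise ValueError(f"link escapes destination: {m.name!r} -> {m.linkname!r}")
        # Our own checks stand in for the filter here, so keep legacy semantics.
        tar.extractall(dest, members=members, **_legacy_kwargs())
    return [m.name for m in members]


def extract_filtered(data: bytes, dest: str) -> list:
    """PEP 706 filter (3.12+, backported to the 3.8-3.11 point releases these
    advisories track). Raises tarfile.OutsideDestinationError on traversal;
    returns None when the interpreter has no filter support."""
    if not hasattr(tarfile, "data_filter"):
        return None
    with _open(data) as tar:
        tar.extractall(dest, filter="data")
        return [m.name for m in tar.getmembers()]


def demo() -> dict:
    """Exercise all three extractors inside a temporary tree nested two levels
    deep, so the '../../' member can only ever land inside our own sandbox."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        dirs = {k: os.path.join(root, k, "inner") for k in ("legacy", "checked", "filtered", "benign")}
        for d in dirs.values():
            os.makedirs(d)
        extract_legacy(build_archive(TARSLIP), dirs["legacy"])
        results["legacy_escaped"] = os.path.exists(os.path.join(root, "escaped.txt"))
        try:
            extract_checked(build_archive(TARSLIP), dirs["checked"])
            results["checked_blocked"] = False
        except ValueError:
            results["checked_blocked"] = True
        if hasattr(tarfile, "data_filter"):
            try:
                extract_filtered(build_archive(TARSLIP), dirs["filtered"])
                results["filtered_blocked"] = False
            except tarfile.FilterError:
                results["filtered_blocked"] = True
        else:
            results["filtered_blocked"] = None
        results["benign"] = extract_checked(build_archive(BENIGN), dirs["benign"])
    return results


if __name__ == "__main__":
    print(demo())
```

The manual check resolves every member before the first byte is written, which is what makes it safe against an archive that first drops a symlink and then writes through it; checking lazily inside the extraction loop would reintroduce that ordering trick. Where the interpreter offers it, filter="data" is the better tool, since it also strips setuid bits and refuses special files.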
SUSE CVE-2015-4021
The phar_parse_tarfile function in ext/phar/tar.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 does not verify that the first character of a filename is different from the \0 character, which allows remote attackers to cause a denial of service (integer underflow and memory...
SUSE CVE-2019-20907
In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation...
RHEL 7 : python27 (RHSA-2020:4273)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4273 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...
RHEL 6 / 7 : rh-python36 (RHSA-2020:4285)
The remote Red Hat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4285 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high leve...
Path Traversal
GuardDog is vulnerable to path traversal. The vulnerability exists due to the unsafe extraction using the tarfile.TarFile.extractall functionality in the scan_local function of package_scanner.py, which allows an attacker to write arbitrary files outside the destination directory through a maliciou...
GHSA-RP2V-V467-Q9VQ GuardDog vulnerable to arbitrary file write when scanning a specially-crafted PyPI package
Impact Running GuardDog against a specially-crafted package can allow an attacker to write an arbitrary file on the machine where GuardDog is executed. This is due to a path traversal vulnerability when extracting the .tar.gz file of the package being scanned, which exists by design in the...
PT-2022-16057 · Python +1 · Tarfile.Tarfile +1
Name of the Vulnerable Software and Affected Versions: GuardDog versions prior to 0.1.5 Description: The issue allows an attacker to write an arbitrary file on the machine where GuardDog is executed due to a path traversal vulnerability when extracting the .tar.gz file of the package being scanne...
A vulnerability in the extract and extractall functions of the tarfile module of the Python interpreter allows an attacker to execute arbitrary code.
The vulnerability in the extract and extractall functions of the tarfile module of the Python interpreter is caused by improper limitation of a pathname to a restricted directory (path traversal). Exploiting this vulnerability allows a remote attacker to execute arbitrary code...