
132 matches found

RedHat Linux
added 2023/11/07 8:43 a.m. · 5 views

python: tarfile module directory traversal

A flaw was found in the Python tarfile module. Extracting a crafted TAR archive with the tarfile.extract or tarfile.extractall functions could lead to a directory traversal vulnerability, resulting in overwrite of arbitrary files...

9.8 CVSS · 6.7 AI score · 0.89361 EPSS
Exploits: 3 · References: 4

RedHat Linux
added 2023/11/07 8:21 a.m. · 5 views

python: tarfile module directory traversal

A flaw was found in the Python tarfile module. Extracting a crafted TAR archive with the tarfile.extract or tarfile.extractall functions could lead to a directory traversal vulnerability, resulting in overwrite of arbitrary files...

9.8 CVSS · 6.7 AI score · 0.89361 EPSS
Exploits: 3 · References: 4

Trellix
added 2022/09/21 12:0 a.m. · 47 views

Open-Source Intelligence to Understand the Scope of N-Day Vulnerabilities

Open-Source Intelligence to Understand the Scope of N-Day Vulnerabilities By Charles McFarland · September 21, 2022 The zero-day is the holy grail for cybercriminals; However, N-day vulnerabilities can pose problems even years after discovery. If a target is vulnerable, it doesn’t matter whether...

9.8 CVSS · 7.5 AI score · 0.89361 EPSS
Exploits: 3

Trellix
added 2022/09/21 12:0 a.m. · 35 views

Limiting the Software Supply Chain Attack Surface

Limiting the Software Supply Chain Attack Surface By Trellix · September 21, 2022 This blog was written by Douglas McKee We often discuss how the intentions of an action matter, and it's clear to see why they do. If I am walking down the sidewalk, distracted by my phone of course and run into a...

9.8 CVSS · 7.7 AI score · 0.89361 EPSS
Exploits: 3

Trellix
added 2022/09/21 12:0 a.m. · 35 views

Open-Source Intelligence to Understand the Scope of N-Day Vulnerabilities

Open-Source Intelligence to Understand the Scope of N-Day Vulnerabilities By Charles McFarland · September 21, 2022 The zero-day is the holy grail for cybercriminals; However, N-day vulnerabilities can pose problems even years after discovery. If a target is vulnerable, it doesn’t matter whether...

9.6 AI score · 0.89361 EPSS
Exploits: 3

RedHat Linux
added 2021/03/09 9:23 a.m. · 1 views

python: infinite loop in the tarfile module via crafted TAR archive

A flaw was found in python. In Lib/tarfile.py an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation...

7.5 CVSS · 6.8 AI score · 0.00323 EPSS
Exploits: 0 · References: 4

RedHat Linux
added 2021/02/16 8:44 a.m. · 0 views

python: infinite loop in the tarfile module via crafted TAR archive

A flaw was found in python. In Lib/tarfile.py an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation...

7.5 CVSS · 6.8 AI score · 0.00323 EPSS
Exploits: 0 · References: 4

Microsoft CVE
added 2020/08/18 7:0 a.m. · 2 views

In Lib/tarfile.py in Python through 3.8.3 an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open because _proc_pax lacks header validation.

...

7.5 CVSS · 7.3 AI score · 0.00323 EPSS
Exploits: 0

OSV
added 2020/07/13 1:15 p.m. · 1 views

DEBIAN-CVE-2019-20907

In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation...

7.5 CVSS · 7.1 AI score · 0.00323 EPSS
Exploits: 0 · References: 1

OSV
added 2020/07/13 1:15 p.m. · 1 views

ALPINE-CVE-2019-20907

In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation...

7.5 CVSS · 6.9 AI score · 0.00323 EPSS
Exploits: 0 · References: 1

Vulnrichment
added 2007/08/28 4:0 a.m. · 19 views

CVE-2007-4559

Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267...

9.6 AI score · 0.89361 EPSS
Exploits: 3 · References: 9

Positive Technologies
added 2007/08/24 12:0 a.m. · 4 views

PT-2007-1155

Name of the Vulnerable Software and Affected Versions: Python tarfile module versions (affected versions not specified). Description: A directory traversal vulnerability in the extract and extractall functions of the tarfile module in Python allows user-assisted remote attackers to overwrite arbitra...

9.8 CVSS · 7.8 AI score · 0.89361 EPSS
Exploits: 7 · References: 126