6 matches found
USN-8367-1: tar-fs vulnerabilities
It was discovered that tar-fs did not properly limit paths when extracting crafted tar files. An attacker could possibly use this issue to write or overwrite files outside the intended extraction directory. This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. CVE-2024-12905 It was...
EulerOS Virtualization 2.13.1 : python-pip (EulerOS-SA-2026-1640)
According to the versions of the python-pip packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : When extracting a tar archive pip may not check symbolic links point into the extraction directory if the tarfile module doesn'...
PT-2026-20374
Name of the Vulnerable Software and Affected Versions node-tar versions 7.5.7 and below node-tar version 7.5.8 Description The node-tar package contains a flaw where an attacker-controlled archive, when extracted using default options, can create a hardlink inside the extraction directory that...
Exploit for CVE-2025-4138
CVE-2025-4138 / CVE-2025-4517Python tarfile Filter Bypass via PA...
CVE-2025-59825 astral-tokio-tar has a path traversal in tar extraction
astral-tokio-tar is a tar archive reading/writing library for async Rust. In versions 0.5.3 and earlier of astral-tokio-tar, tar archives may extract outside of their intended destination directory when using the Entry::unpackinraw API. Additionally, the Entry::allowexternalsymlinks control which...
Security update for python39
This update for python39 fixes the following issues: python39 was updated from version 3.9.21 to version 3.9.23: Security issues fixed: CVE-2025-4516: Fixed blocking DecodeError handling vulnerability, which could lead to DoS bsc1243273 CVE-2024-12718, CVE-2025-4138, CVE-2025-4330, CVE-2025-4517:...