1023 matches found
CVE-2026-62239
FlashAttention (up to 2.8.3.post1) contains a symlink attack in hopper/setup.py: download_and_copy() extracts NVIDIA toolchain archives without validating symlinks or filtering tar members. A local attacker can plant a predictable symlink in the cache to redirect extracted binaries to a chosen lo...
cpython: python: Extraction filter bypass for linking outside extraction directory
A flaw was found in CPython's tarfile module. This vulnerability allows bypassing of extraction filters, enabling symlink traversal outside the intended extraction directory and potential modification of file metadata via malicious tar archives using TarFile.extractall or TarFile.extract with the...
cpython: python: Extraction filter bypass for linking outside extraction directory
A flaw was found in CPython's tarfile module. This vulnerability allows bypassing of extraction filters, enabling symlink traversal outside the intended extraction directory and potential modification of file metadata via malicious tar archives using TarFile.extractall or TarFile.extract with the...
cpython: python: Extraction filter bypass for linking outside extraction directory
A flaw was found in CPython's tarfile module. This vulnerability allows bypassing of extraction filters, enabling symlink traversal outside the intended extraction directory and potential modification of file metadata via malicious tar archives using TarFile.extractall or TarFile.extract with the...
BIT-PYTHON-MIN-2026-4360 Tarfile.extract() doesn't fully respect filter parameter
In the Tarfile.extract function, the filter parameter is not passed properly when extracting hardlinks. An affected system that extracts content from untrusted tar files could end up writing files with an unexpected uid/gid despite the user passing filter='data' to the extract function...
BIT-PYTHON-2026-4360 Tarfile.extract() doesn't fully respect filter parameter
In the Tarfile.extract function, the filter parameter is not passed properly when extracting hardlinks. An affected system that extracts content from untrusted tar files could end up writing files with an unexpected uid/gid despite the user passing filter='data' to the extract function...
python: Python tarfile module: Denial of Service via improper EOF handling in streaming mode
A flaw was found in the Python tarfile module. When processing a specially crafted tar archive opened in 'streaming mode' mode='r|', the module does not properly handle the end-of-file EOF condition. This can cause the tarfile module to enter an infinite loop, leading to a Denial of Service DoS f...
python: Python tarfile module: Denial of Service via improper EOF handling in streaming mode
A flaw was found in the Python tarfile module. When processing a specially crafted tar archive opened in 'streaming mode' mode='r|', the module does not properly handle the end-of-file EOF condition. This can cause the tarfile module to enter an infinite loop, leading to a Denial of Service DoS f...
python: Python tarfile module: Denial of Service via improper EOF handling in streaming mode
A flaw was found in the Python tarfile module. When processing a specially crafted tar archive opened in 'streaming mode' mode='r|', the module does not properly handle the end-of-file EOF condition. This can cause the tarfile module to enter an infinite loop, leading to a Denial of Service DoS f...
python: Python tarfile module: Denial of Service via improper EOF handling in streaming mode
A flaw was found in the Python tarfile module. When processing a specially crafted tar archive opened in 'streaming mode' mode='r|', the module does not properly handle the end-of-file EOF condition. This can cause the tarfile module to enter an infinite loop, leading to a Denial of Service DoS f...
Linux Distros Unpatched Vulnerability : CVE-2026-4360
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Tarfile.extract function, the filter parameter is not passed properly when extracting hardlinks. An affected system that extracts content from untrusted...
DEBIAN-CVE-2026-4360
In the Tarfile.extract function, the filter parameter is not passed properly when extracting hardlinks. An affected system that extracts content from untrusted tar files could end up writing files with an unexpected uid/gid despite the user passing filter='data' to the extract function...
CVE-2026-4360
In the Tarfile.extract function, the filter parameter is not passed properly when extracting hardlinks. An affected system that extracts content from untrusted tar files could end up writing files with an unexpected uid/gid despite the user passing filter='data' to the extract function...
UBUNTU-CVE-2026-4360
In the Tarfile.extract function, the filter parameter is not passed properly when extracting hardlinks. An affected system that extracts content from untrusted tar files could end up writing files with an unexpected uid/gid despite the user passing filter='data' to the extract function...
CVE-2026-4360 Tarfile.extract() doesn't fully respect filter parameter
In the Tarfile.extract function, the filter parameter is not passed properly when extracting hardlinks. An affected system that extracts content from untrusted tar files could end up writing files with an unexpected uid/gid despite the user passing filter='data' to the extract function...
CVE-2026-4360 Tarfile.extract() doesn't fully respect filter parameter
In the Tarfile.extract function, the filter parameter is not passed properly when extracting hardlinks. An affected system that extracts content from untrusted tar files could end up writing files with an unexpected uid/gid despite the user passing filter='data' to the extract function...
CVE-2026-4360
In the Tarfile.extract function, the filter parameter is not passed properly when extracting hardlinks. An affected system that extracts content from untrusted tar files could end up writing files with an unexpected uid/gid despite the user passing filter='data' to the extract function...
CVE-2026-4360
Summary of CVE-2026-4360 (mode C) The issue concerns Python’s tarfile TarFile.extract() where the filter parameter is not correctly applied when extracting hardlinks. The vulnerability can allow an affected system that processes tar files from untrusted sources to write files with an unexpected u...
PT-2026-53894
Name of the Vulnerable Software and Affected Versions Python affected versions not specified Description In the extract function of the Tarfile module, the filter parameter is not correctly handled when extracting hardlinks. This issue allows a system extracting content from untrusted tar files t...
Linux Distros Unpatched Vulnerability : CVE-2026-11972
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When using the tarfile module with a file opened in streaming mode mode=r| the tarfile module did not properly handle EOF, making archive parsing take...