18 matches found
UBUNTU-CVE-2026-11940
tarfile.extractall with the 'data' or 'tar' filter could be bypassed by a crafted archive where a hardlink references a symlink stored at a deeper name than the hardlink itself. The extraction fallback validated the symlink at it's archived location but recreated it at the hardlink's shallower...
CVE-2026-11940 tarfile extraction filter bypass allows escaping the destination directory
tarfile.extractall with the 'data' or 'tar' filter could be bypassed by a crafted archive where a hardlink references a symlink stored at a deeper name than the hardlink itself. The extraction fallback validated the symlink at it's archived location but recreated it at the hardlink's shallower...
BIT-PYTHON-2026-7774 tarfile.data_filter path traversal bypass allows writing outside the extraction directory
tarfile.datafilter could be bypassed using crafted link entries, including symlinks with empty or directory-like names, to redirect later archive members outside the intended extraction directory. This allowed a malicious tar archive to cause tarfile.extractall to write files outside the...
CVE-2026-7774
tarfile.datafilter could be bypassed using crafted link entries, including symlinks with empty or directory-like names, to redirect later archive members outside the intended extraction directory. This allowed a malicious tar archive to cause tarfile.extractall to write files outside the...
PT-2026-46262
Name of the Vulnerable Software and Affected Versions Python affected versions not specified Description The tarfile.data filter can be bypassed using crafted link entries, such as symlinks with empty or directory-like names. This allows a malicious tar archive to redirect subsequent archive...
Exploit for CVE-2025-4138
CVE-2025-4138 — Python tarfile filter="data" Bypass Arbitra...
MiracleLinux 8 : python3.11-3.11.13-1.el8_10 (AXSA:2025-10428:04)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10428:04 advisory. cpython: Tarfile extracts filtered members when errorlevel=0 CVE-2025-4435 cpython: Bypass extraction filter to modify file metadata outside...
CLSA-2025-1762958892 python3: Fix of 5 CVEs
CVE-2024-12718, CVE-2025-4138, CVE-2025-4330, CVE-2025-4435, CVE-2025-4517: fix multiple tarfile extraction filter bypasses filter="tar"/filter="data"...
CLSA-2025-1762958654 python3: Fix of 5 CVEs
CVE-2024-12718, CVE-2025-4138, CVE-2025-4330, CVE-2025-4435, CVE-2025-4517: fix multiple tarfile extraction filter bypasses filter="tar"/filter="data"...
RLSA-2025:10189 Important: python3.12 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
CLSA-2025-1753208636 python3.9: Fix of 5 CVEs
CVE-2024-12718, CVE-2025-4138, CVE-2025-4330, CVE-2025-4435, CVE-2025-4517: fix multiple tarfile extraction filter bypasses filter="tar"/filter="data"...
CLSA-2025-1752748693 python3.11: Fix of 5 CVEs
CVE-2024-12718, CVE-2025-4138, CVE-2025-4330, CVE-2025-4435, CVE-2025-4517: fix multiple tarfile extraction filter bypasses filter="tar"/filter="data"...
SUSE-SU-2025:20492-1 Security update for python311
This update for python311 fixes the following issues: - CVE-2025-6069: Avoid worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser bsc1244705. Update to 3.11.13: - Security - gh-135034: Fixes multiple issues that allowed tarfile extraction filters...
Security update for python311
This update for python311 fixes the following issues: python311 was updated from version 3.11.10 to 3.11.13: Security issues fixed: CVE-2025-4516: Fixed blocking DecodeError handling vulnerability, which could lead to DoS bsc1243273. CVE-2024-12718, CVE-2025-4138, CVE-2025-4330, CVE-2025-4517:...
SUSE-SU-2025:02057-1 Security update for python311
This update for python311 fixes the following issues: python311 was updated from version 3.11.10 to 3.11.13: - Security issues fixed: CVE-2025-4516: Fixed blocking DecodeError handling vulnerability, which could lead to DoS bsc1243273. CVE-2024-12718, CVE-2025-4138, CVE-2025-4330, CVE-2025-4517:...
Security update for python311
This update for python311 fixes the following issues: python311 was updated from version 3.11.10 to 3.11.13: Security issues fixed: CVE-2025-4516: Fixed blocking DecodeError handling vulnerability, which could lead to DoS bsc1243273. CVE-2024-12718, CVE-2025-4138, CVE-2025-4330, CVE-2025-4517:...
Security update for python312
This update for python312 fixes the following issues: python312 was updated from version 3.12.9 to 3.12.11: Security issues fixed: CVE-2025-4516: Fixed blocking DecodeError handling vulnerability, which could lead to DoS bsc1243273 CVE-2024-12718, CVE-2025-4138, CVE-2025-4330, CVE-2025-4517: Fixe...
Security update for python310
This update for python310 fixes the following issues: python310 was updated from version 3.10.16 to 3.10.18: Security issues fixed: CVE-2025-4516: Fixed blocking DecodeError handling vulnerability, which could lead to DoS bsc1243273 CVE-2024-12718, CVE-2025-4138, CVE-2025-4330, CVE-2025-4517: Fix...