Lucene search
+L

72 matches found

Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.15 views

PT-2026-52897

Name of the Vulnerable Software and Affected Versions Patool versions prior to 4.0.5 Description A path traversal issue exists in the safe extract function within patoolib/programs/py tarfile.py when used with Python versions before 3.12. The is within directory helper function utilizes...

5.4CVSS5.9AI score0.00285EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.18 views

Amazon Linux 2023 : python3.14, python3.14-devel, python3.14-freethreading (ALAS2023-2026-1774)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1774 advisory. The tarfile module would still apply normalization of AREGTYPE \x00 blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPELONGNAME or GNUTYPELONGLINK. This could result ...

7.5CVSS5.5AI score0.0079EPSS
Exploits1References12
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in Python 3.11

It allows arbitrary file system writes outside the extraction directory during extraction with the filter="data" parameter. This vulnerability affects users who use the tarfile module to extract untrusted tar archives using methods like TarFile.extractall or TarFile.extract, with the filter=...

9.4CVSS7.2AI score0.01227EPSS
Exploits11References2
Redos
Redos
added 2026/05/05 12:0 a.m.11 views

ROS-20260505-73-0071

A vulnerability in the tarfile module of the Python programming language interpreter CPython is related to incorrect parsing of the file header. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

7.5CVSS6.8AI score0.02203EPSS
Exploits2
RedHat Linux
RedHat Linux
added 2026/04/28 6:40 a.m.1 views

cpython: cpython: `tarfile` module misinterprets crafted tar archives leading to data integrity issues

A flaw was found in the tarfile module of cpython. This vulnerability allows a remote attacker to craft a malicious tar archive that, when processed, could be misinterpreted by the tarfile module. This misinterpretation occurs because the module incorrectly applies normalization of AREGTYPE block...

3.3CVSS6.1AI score0.00164EPSS
Exploits0References7
Snyk
Snyk
added 2026/03/12 8:40 p.m.3 views

Misinterpretation of Input

Overview Affected versions of this package are vulnerable to Misinterpretation of Input in tarfile.py, which may convert AREGTYPE \x00 blocks to DIRTYPE when processing multi-block input such as GNUTYPELONGNAME or GNUTYPELONGLINK. Remediation A fix was pushed into the master branch but not yet...

3.3CVSS5.8AI score0.00164EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/12 5:59 p.m.3 views

CVE-2025-13462 tarfile: Skip DIRTYPE normalization during GNU LONGNAME/LONGLINK handling

The "tarfile" module would still apply normalization of AREGTYPE \x00 blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPELONGNAME or GNUTYPELONGLINK. This could result in a crafted tar archive being misinterpreted by the tarfile module compared to other implementations...

2CVSS5.8AI score0.00164EPSS
Exploits0References9
OSV
OSV
added 2026/03/12 5:59 p.m.7 views

CVE-2025-13462 tarfile: Skip DIRTYPE normalization during GNU LONGNAME/LONGLINK handling

The "tarfile" module would still apply normalization of AREGTYPE \x00 blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPELONGNAME or GNUTYPELONGLINK. This could result in a crafted tar archive being misinterpreted by the tarfile module compared to other implementations...

2CVSS5.9AI score0.00164EPSS
Exploits0References12
GithubExploit
GithubExploit
added 2026/02/18 9:8 p.m.739 views

Exploit for CVE-2025-4517

CVE-2025-4517 Exploit - WingData HTB NOTES This exploit an...

9.4CVSS5.9AI score0.01227EPSS
Exploits19
GithubExploit
GithubExploit
added 2026/02/15 10:9 p.m.546 views

Exploit for CVE-2025-4517

CVE-2025-4517 Exploit - WingData HTB Overview This exploi...

9.4CVSS7AI score0.01227EPSS
Exploits19
GithubExploit
GithubExploit
added 2026/02/15 12:27 p.m.259 views

Exploit for CVE-2025-4517

CVE-2025-4517-poc Here is the updated script as a Proof-of-Co...

9.4CVSS5.8AI score0.01227EPSS
Exploits11
AstraLinux
AstraLinux
added 2026/01/27 5:1 a.m.4 views

Astra Linux – Vulnerability in Python 3.11

There is a defect in the CPython “tarfile” module that affects the “TarFile” extraction and entry enumeration APIs. The tar implementation processes tar archives with negative offsets without errors, which can lead to an infinite loop and deadlock during the parsing of maliciously crafted tar...

7.5CVSS6.7AI score0.00611EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.7 views

MiracleLinux 9 : python3.12-3.12.1-4.el9_4.4 (AXSA:2024-8949:08)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8949:08 advisory. python: cpython: tarfile: ReDos via excessive backtracking while parsing header values CVE-2024-6232 Tenable has extracted the preceding description block...

7.5CVSS7.2AI score0.02203EPSS
Exploits2References2
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.8 views

MiracleLinux 4 : rh-python36-python-pip-9.0.1-5.AXS4, rh-python36-python-3.6.12-1.AXS4, rh-python36-python-virtualenv-15.1.0-3.AXS4 (AXSA:2020-818:02)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-818:02 advisory. python: XSS vulnerability in the documentation XML-RPC server in servertitle field CVE-2019-16935 python: CRLF injection via the host part of the url...

7.5CVSS7.3AI score0.12826EPSS
Exploits4References8
Tenable Nessus
Tenable Nessus
added 2026/01/15 12:0 a.m.4 views

EulerOS 2.0 SP10 : python3 (EulerOS-SA-2026-1036)

According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : There is a defect in the CPython 'tarfile' module affecting the 'TarFile' extraction and entry enumeration APIs. The tar implementation would...

7.5CVSS6.4AI score0.00611EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/01/13 12:0 a.m.2 views

MiracleLinux 7 : python-2.7.5-94.0.5.el7.AXS7 (AXSA:2025-11503:37)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-11503:37 advisory. CVE-2025-8194: fix infinite loop and deadlock in TarFile extraction and entry enumeration APIs CVEs: CVE-2025-8194 There is a defect in the CPython tarfile...

7.5CVSS6.9AI score0.00611EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/13 12:0 a.m.9 views

MiracleLinux 9 : python3.11-3.11.11-2.el9_6.1 (AXSA:2025-10624:06)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10624:06 advisory. cpython: Tarfile extracts filtered members when errorlevel=0 CVE-2025-4435 cpython: Bypass extraction filter to modify file metadata outside...

9.4CVSS6.7AI score0.01227EPSS
Exploits14References6
Tenable Nessus
Tenable Nessus
added 2026/01/13 12:0 a.m.6 views

MiracleLinux 7 : python3-3.6.8-21.0.5.0.1.el7.AXS7 (AXSA:2025-11016:07)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-11016:07 advisory. Bump package Release to 21.0.5 CVE-2025-8194: tarfile: validate archives to ensure member offsets are non-negative CVEs: CVE-2025-8194 There is a defect in...

7.5CVSS6.9AI score0.00611EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/12/31 12:0 a.m.4 views

EulerOS Virtualization 2.13.0 : python3 (EulerOS-SA-2025-2614)

According to the versions of the python3 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : During an address list folding when a separating comma ends up on a folded line and that line is to be unicode-encoded then the...

7.5CVSS6.3AI score0.00611EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2025/12/26 12:0 a.m.5 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python3 (UTSA-2025-992145)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992145 advisory. There is a defect in the CPython tarfile module affecting the TarFile extraction and entry enumeration APIs. The tar implementation would process tar archives with...

7.5CVSS6.8AI score0.00611EPSS
Exploits0References4
Rows per page
Query Builder