CVE-2025-13462
⚪ Do wiadomości
Błąd w module "tarfile" może prowadzić do nieprawidłowej interpretacji złośliwych archiwów tar, co stwarza ryzyko nieautoryzowanego dostępu do danych.
CVSS
0.0
EPSS
0.0%
Exploit
none
Vendor
Opis źródłowy (NVD)
The "tarfile" module would still apply normalization of AREGTYPE (\x00) blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPE_LONGNAME or GNUTYPE_LONGLINK. This could result in a crafted tar archive being misinterpreted by the tarfile module compared to other implementations.
brak
Brak patcha
Źródła i daty
| Źródło | Wartość |
|---|---|
| NVD – CVSS | 0.0 |
| CISA KEV (aktywnie wykorzystywane) | Nie |
| FIRST EPSS (prawdopodobieństwo exploita) | 0.0% |
| Opublikowano (NVD) | 2026-03-12 18:16:21 UTC |
| Ostatnia modyfikacja (NVD) | 2026-05-01 16:16:28 UTC |
Referencje
- https://github.com/python/cpython/commit/42d754e34c06e57ad6b8e7f92f32af679912d8ab (cna@python.org)
- https://github.com/python/cpython/commit/72dde1016493c52abe857fc4a7bf6c40138b4114 (cna@python.org)
- https://github.com/python/cpython/commit/7ad3093d76a748af55bdb1d2e8aad3638163b017 (cna@python.org)
- https://github.com/python/cpython/commit/9a23b753552afa28e3a2f4d8863572fc66479406 (cna@python.org)
- https://github.com/python/cpython/commit/ae99fe3a33b43e303a05f012815cef60b611a9c7 (cna@python.org)
- https://github.com/python/cpython/issues/141707 (cna@python.org)
- https://github.com/python/cpython/pull/143934 (cna@python.org)
- https://mail.python.org/archives/list/security-announce@python.org/thread/EOMI5I66ZMKQ2INNFT6T7IAIKUGPZYIE/ (cna@python.org)