PT-2026-25023 · Python · Tarfile
Published: 2026-03-12 · Updated: 2026-04-29 · CVE-2025-13462
CVSS v4.0: 2.0 (Low)
Vector: AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
tarfile module (affected versions not specified)
Description
The 'tarfile' module incorrectly normalizes AREGTYPE blocks to DIRTYPE while processing multi-block members such as GNUTYPE_LONGNAME or GNUTYPE_LONGLINK. As a result, the module can interpret a crafted tar archive differently from other tar implementations.
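A scanner for the header pattern described above, as an added example that is not part of the original advisory or of CPython: it walks the raw 512-byte headers and reports every AREGTYPE header that directly follows a GNUTYPE_LONGNAME or GNUTYPE_LONGLINK block and whose own name field ends in "/". The trailing-slash condition (the old V7 directory convention) is an assumption about which headers trigger the normalization; the function names and both sample byte strings are constructed here.

```python
import tarfile

BLOCK = 512  # tar header and data blocks are 512 bytes


def _size(field: bytes) -> int:
    """Decode the 12-byte size field (octal text, or GNU base-256)."""
    if field[0] & 0x80:
        return int.from_bytes(field[1:], "big")
    return int(field.strip(b"\0 ") or b"0", 8)


def suspicious_members(raw: bytes):
    """Return [(offset, header_name)] for AREGTYPE headers that complete a
    GNU long-name/long-link sequence and carry a trailing slash."""
    hits, offset, in_gnulong = [], 0, False
    while offset + BLOCK <= len(raw):
        hdr = raw[offset:offset + BLOCK]
        if not any(hdr):  # all-zero block marks end of archive
            break
        typeflag = hdr[156:157]
        name = hdr[0:100].split(b"\0", 1)[0]
        if typeflag in (tarfile.GNUTYPE_LONGNAME, tarfile.GNUTYPE_LONGLINK):
            in_gnulong = True  # the real member header is still to come
        else:
            if in_gnulong and typeflag == tarfile.AREGTYPE and name.endswith(b"/"):
                hits.append((offset, name.decode("utf-8", "replace")))
            in_gnulong = False
        # Skip the header plus its data, rounded up to whole blocks.
        offset += BLOCK + -(-_size(hdr[124:136]) // BLOCK) * BLOCK
    return hits


def _hdr(name: bytes, typeflag: bytes, size: int = 0) -> bytes:
    """Constructed fixture header; checksum omitted (the scanner ignores it)."""
    h = bytearray(BLOCK)
    h[0:len(name)] = name
    h[124:136] = b"%011o\0" % size
    h[156:157] = typeflag
    return bytes(h)


# Constructed samples, not real archives.
_LONG = b"x" * 120 + b"\0"
BENIGN = (_hdr(b"docs/", tarfile.DIRTYPE) + _hdr(b"docs/a.txt", tarfile.REGTYPE, 5)
          + b"hello".ljust(BLOCK, b"\0") + bytes(2 * BLOCK))
SUSPECT = (_hdr(b"././@LongLink", tarfile.GNUTYPE_LONGNAME, len(_LONG))
           + _LONG.ljust(BLOCK, b"\0")
           + _hdr(b"a" * 99 + b"/", tarfile.AREGTYPE) + bytes(2 * BLOCK))
```

A hit means the archive deserves a second look before extraction with 'tarfile', since another tar implementation may treat that member as a regular file rather than a directory.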
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Special Elements Injection
RCE
Unrestricted File Upload
Affected Products
Tarfile