Description
In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation.
Packages
Package | Status | Fixed version | Release | Type |
---|---|---|---|---|
python3.9 | fixed | 3.9.0~b5-1 | | package |
python3.8 | fixed | 3.8.5-1 | | package |
python3.7 | removed | | | package |
python3.7 | fixed | 3.7.3-2+deb10u2 | buster | package |
python3.5 | removed | | | package |
python2.7 | fixed | 2.7.18-2 | | package |
pypy3 | fixed | 7.3.3+dfsg-1 | | package |
Notes
https://bugs.python.org/issue39017
https://github.com/python/cpython/commit/5a8d121a1f3ef5ad7c105ee378cc79a3eac0c7d4 (master)
https://github.com/python/cpython/commit/f3232294ee695492f43d424cc6969d018d49861d (3.9-branch)
https://github.com/python/cpython/commit/c55479556db015f48fc8bbca17f64d3e65598559 (3.8-branch)
https://github.com/python/cpython/commit/79c6b602efc9a906c8496f3d5f4d54c54b48fa06 (3.7-branch)
https://github.com/python/cpython/commit/47a2955589bdb1a114d271496ff803ad73f954b8 (3.6-branch)
https://github.com/python/cpython/pull/21454