Fluid Attacks Database

Description

In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
alpine v3.16	python3	=3.1.3-r0 \|\| =3.2.0-r0 \|\| =3.2.3-r0 \|\| =3.3.0-r0 \|\| =3.3.2-r0 \|\| =3.3.3-r0 \|\| =3.3.4-r0 \|\| =3.4.1-r0 \|\| =3.4.2-r0 \|\| =3.4.2-r1 \|\| =3.4.3-r1 \|\| =3.4.3-r2 \|\| =3.5.0-r0 \|\| =3.5.1-r0 \|\| =3.5.1-r1 \|\| =3.5.1-r2 \|\| =3.5.1-r3 \|\| =3.5.2-r0 \|\| =3.5.2-r1 \|\| =3.5.2-r10 \|\| =3.5.2-r2 \|\| =3.5.2-r3 \|\| =3.5.2-r4 \|\| =3.5.2-r5 \|\| =3.5.2-r6 \|\| =3.5.2-r7 \|\| =3.5.2-r8 \|\| =3.5.2-r9 \|\| =3.6.0-r0 \|\| =3.6.1-r0 \|\| =3.6.1-r1 \|\| =3.6.1-r2 \|\| =3.6.1-r3 \|\| =3.6.1-r4 \|\| =3.6.2-r0 \|\| =3.6.2-r1 \|\| =3.6.2-r2 \|\| =3.6.2-r3 \|\| =3.6.3-r3 \|\| =3.6.3-r4 \|\| =3.6.3-r5 \|\| =3.6.3-r6 \|\| =3.6.3-r7 \|\| =3.6.3-r8 \|\| =3.6.3-r9 \|\| =3.6.4-r0 \|\| =3.6.4-r1 \|\| =3.6.6-r0 \|\| =3.6.6-r1 \|\| =3.6.6-r2 \|\| =3.6.6-r3 \|\| =3.6.7-r0 \|\| =3.6.8-r0 \|\| =3.6.8-r1 \|\| =3.6.8-r2 \|\| =3.7.2-r0 \|\| =3.7.3-r0 \|\| =3.7.3-r1 \|\| =3.7.4-r0 \|\| =3.7.5-r0 \|\| =3.7.5-r1 \|\| =3.8.0-r0 \|\| =3.8.1-r0 \|\| =3.8.1-r1 \|\| =3.8.1-r2 \|\| =3.8.1-r3 \|\| =3.8.2-r0 \|\| =3.8.2-r1 \|\| =3.8.2-r2 \|\| =3.8.2-r3 \|\| =3.8.2-r4 \|\| =3.8.2-r5 \|\| =3.8.2-r6 \|\| =3.8.2-r7 \|\| =3.8.3-r0 \|\| =3.8.4-r0 \|\| >=0 <3.8.5-r0	3.8.5-r0
alpine v3.18	python3	=3.1.3-r0 \|\| =3.2.0-r0 \|\| =3.2.3-r0 \|\| =3.3.0-r0 \|\| =3.3.2-r0 \|\| =3.3.3-r0 \|\| =3.3.4-r0 \|\| =3.4.1-r0 \|\| =3.4.2-r0 \|\| =3.4.2-r1 \|\| =3.4.3-r1 \|\| =3.4.3-r2 \|\| =3.5.0-r0 \|\| =3.5.1-r0 \|\| =3.5.1-r1 \|\| =3.5.1-r2 \|\| =3.5.1-r3 \|\| =3.5.2-r0 \|\| =3.5.2-r1 \|\| =3.5.2-r10 \|\| =3.5.2-r2 \|\| =3.5.2-r3 \|\| =3.5.2-r4 \|\| =3.5.2-r5 \|\| =3.5.2-r6 \|\| =3.5.2-r7 \|\| =3.5.2-r8 \|\| =3.5.2-r9 \|\| =3.6.0-r0 \|\| =3.6.1-r0 \|\| =3.6.1-r1 \|\| =3.6.1-r2 \|\| =3.6.1-r3 \|\| =3.6.1-r4 \|\| =3.6.2-r0 \|\| =3.6.2-r1 \|\| =3.6.2-r2 \|\| =3.6.2-r3 \|\| =3.6.3-r3 \|\| =3.6.3-r4 \|\| =3.6.3-r5 \|\| =3.6.3-r6 \|\| =3.6.3-r7 \|\| =3.6.3-r8 \|\| =3.6.3-r9 \|\| =3.6.4-r0 \|\| =3.6.4-r1 \|\| =3.6.6-r0 \|\| =3.6.6-r1 \|\| =3.6.6-r2 \|\| =3.6.6-r3 \|\| =3.6.7-r0 \|\| =3.6.8-r0 \|\| =3.6.8-r1 \|\| =3.6.8-r2 \|\| =3.7.2-r0 \|\| =3.7.3-r0 \|\| =3.7.3-r1 \|\| =3.7.4-r0 \|\| =3.7.5-r0 \|\| =3.7.5-r1 \|\| =3.8.0-r0 \|\| =3.8.1-r0 \|\| =3.8.1-r1 \|\| =3.8.1-r2 \|\| =3.8.1-r3 \|\| =3.8.2-r0 \|\| =3.8.2-r1 \|\| =3.8.2-r2 \|\| =3.8.2-r3 \|\| =3.8.2-r4 \|\| =3.8.2-r5 \|\| =3.8.2-r6 \|\| =3.8.2-r7 \|\| =3.8.3-r0 \|\| =3.8.4-r0 \|\| >=0 <3.8.5-r0	3.8.5-r0
alpine v3.19	python3	=3.1.3-r0 \|\| =3.2.0-r0 \|\| =3.2.3-r0 \|\| =3.3.0-r0 \|\| =3.3.2-r0 \|\| =3.3.3-r0 \|\| =3.3.4-r0 \|\| =3.4.1-r0 \|\| =3.4.2-r0 \|\| =3.4.2-r1 \|\| =3.4.3-r1 \|\| =3.4.3-r2 \|\| =3.5.0-r0 \|\| =3.5.1-r0 \|\| =3.5.1-r1 \|\| =3.5.1-r2 \|\| =3.5.1-r3 \|\| =3.5.2-r0 \|\| =3.5.2-r1 \|\| =3.5.2-r10 \|\| =3.5.2-r2 \|\| =3.5.2-r3 \|\| =3.5.2-r4 \|\| =3.5.2-r5 \|\| =3.5.2-r6 \|\| =3.5.2-r7 \|\| =3.5.2-r8 \|\| =3.5.2-r9 \|\| =3.6.0-r0 \|\| =3.6.1-r0 \|\| =3.6.1-r1 \|\| =3.6.1-r2 \|\| =3.6.1-r3 \|\| =3.6.1-r4 \|\| =3.6.2-r0 \|\| =3.6.2-r1 \|\| =3.6.2-r2 \|\| =3.6.2-r3 \|\| =3.6.3-r3 \|\| =3.6.3-r4 \|\| =3.6.3-r5 \|\| =3.6.3-r6 \|\| =3.6.3-r7 \|\| =3.6.3-r8 \|\| =3.6.3-r9 \|\| =3.6.4-r0 \|\| =3.6.4-r1 \|\| =3.6.6-r0 \|\| =3.6.6-r1 \|\| =3.6.6-r2 \|\| =3.6.6-r3 \|\| =3.6.7-r0 \|\| =3.6.8-r0 \|\| =3.6.8-r1 \|\| =3.6.8-r2 \|\| =3.7.2-r0 \|\| =3.7.3-r0 \|\| =3.7.3-r1 \|\| =3.7.4-r0 \|\| =3.7.5-r0 \|\| =3.7.5-r1 \|\| =3.8.0-r0 \|\| =3.8.1-r0 \|\| =3.8.1-r1 \|\| =3.8.1-r2 \|\| =3.8.1-r3 \|\| =3.8.2-r0 \|\| =3.8.2-r1 \|\| =3.8.2-r2 \|\| =3.8.2-r3 \|\| =3.8.2-r4 \|\| =3.8.2-r5 \|\| =3.8.2-r6 \|\| =3.8.2-r7 \|\| =3.8.3-r0 \|\| =3.8.4-r0 \|\| >=0 <3.8.5-r0	3.8.5-r0
debian 11	python2.7	>=0 <2.7.18-2	2.7.18-2
alpine v3.12	python3	=3.1.3-r0 \|\| =3.2.0-r0 \|\| =3.2.3-r0 \|\| =3.3.0-r0 \|\| =3.3.2-r0 \|\| =3.3.3-r0 \|\| =3.3.4-r0 \|\| =3.4.1-r0 \|\| =3.4.2-r0 \|\| =3.4.2-r1 \|\| =3.4.3-r1 \|\| =3.4.3-r2 \|\| =3.5.0-r0 \|\| =3.5.1-r0 \|\| =3.5.1-r1 \|\| =3.5.1-r2 \|\| =3.5.1-r3 \|\| =3.5.2-r0 \|\| =3.5.2-r1 \|\| =3.5.2-r10 \|\| =3.5.2-r2 \|\| =3.5.2-r3 \|\| =3.5.2-r4 \|\| =3.5.2-r5 \|\| =3.5.2-r6 \|\| =3.5.2-r7 \|\| =3.5.2-r8 \|\| =3.5.2-r9 \|\| =3.6.0-r0 \|\| =3.6.1-r0 \|\| =3.6.1-r1 \|\| =3.6.1-r2 \|\| =3.6.1-r3 \|\| =3.6.1-r4 \|\| =3.6.2-r0 \|\| =3.6.2-r1 \|\| =3.6.2-r2 \|\| =3.6.2-r3 \|\| =3.6.3-r3 \|\| =3.6.3-r4 \|\| =3.6.3-r5 \|\| =3.6.3-r6 \|\| =3.6.3-r7 \|\| =3.6.3-r8 \|\| =3.6.3-r9 \|\| =3.6.4-r0 \|\| =3.6.4-r1 \|\| =3.6.6-r0 \|\| =3.6.6-r1 \|\| =3.6.6-r2 \|\| =3.6.6-r3 \|\| =3.6.7-r0 \|\| =3.6.8-r0 \|\| =3.6.8-r1 \|\| =3.6.8-r2 \|\| =3.7.2-r0 \|\| =3.7.3-r0 \|\| =3.7.3-r1 \|\| =3.7.4-r0 \|\| =3.7.5-r0 \|\| =3.7.5-r1 \|\| =3.8.0-r0 \|\| =3.8.1-r0 \|\| =3.8.1-r1 \|\| =3.8.1-r2 \|\| =3.8.1-r3 \|\| =3.8.2-r0 \|\| =3.8.2-r1 \|\| =3.8.2-r2 \|\| =3.8.2-r3 \|\| =3.8.2-r4 \|\| =3.8.2-r5 \|\| =3.8.2-r6 \|\| =3.8.2-r7 \|\| =3.8.3-r0 \|\| =3.8.4-r0 \|\| >=0 <3.8.5-r0	3.8.5-r0
alpine v3.13	python3	=3.1.3-r0 \|\| =3.2.0-r0 \|\| =3.2.3-r0 \|\| =3.3.0-r0 \|\| =3.3.2-r0 \|\| =3.3.3-r0 \|\| =3.3.4-r0 \|\| =3.4.1-r0 \|\| =3.4.2-r0 \|\| =3.4.2-r1 \|\| =3.4.3-r1 \|\| =3.4.3-r2 \|\| =3.5.0-r0 \|\| =3.5.1-r0 \|\| =3.5.1-r1 \|\| =3.5.1-r2 \|\| =3.5.1-r3 \|\| =3.5.2-r0 \|\| =3.5.2-r1 \|\| =3.5.2-r10 \|\| =3.5.2-r2 \|\| =3.5.2-r3 \|\| =3.5.2-r4 \|\| =3.5.2-r5 \|\| =3.5.2-r6 \|\| =3.5.2-r7 \|\| =3.5.2-r8 \|\| =3.5.2-r9 \|\| =3.6.0-r0 \|\| =3.6.1-r0 \|\| =3.6.1-r1 \|\| =3.6.1-r2 \|\| =3.6.1-r3 \|\| =3.6.1-r4 \|\| =3.6.2-r0 \|\| =3.6.2-r1 \|\| =3.6.2-r2 \|\| =3.6.2-r3 \|\| =3.6.3-r3 \|\| =3.6.3-r4 \|\| =3.6.3-r5 \|\| =3.6.3-r6 \|\| =3.6.3-r7 \|\| =3.6.3-r8 \|\| =3.6.3-r9 \|\| =3.6.4-r0 \|\| =3.6.4-r1 \|\| =3.6.6-r0 \|\| =3.6.6-r1 \|\| =3.6.6-r2 \|\| =3.6.6-r3 \|\| =3.6.7-r0 \|\| =3.6.8-r0 \|\| =3.6.8-r1 \|\| =3.6.8-r2 \|\| =3.7.2-r0 \|\| =3.7.3-r0 \|\| =3.7.3-r1 \|\| =3.7.4-r0 \|\| =3.7.5-r0 \|\| =3.7.5-r1 \|\| =3.8.0-r0 \|\| =3.8.1-r0 \|\| =3.8.1-r1 \|\| =3.8.1-r2 \|\| =3.8.1-r3 \|\| =3.8.2-r0 \|\| =3.8.2-r1 \|\| =3.8.2-r2 \|\| =3.8.2-r3 \|\| =3.8.2-r4 \|\| =3.8.2-r5 \|\| =3.8.2-r6 \|\| =3.8.2-r7 \|\| =3.8.3-r0 \|\| =3.8.4-r0 \|\| >=0 <3.8.5-r0	3.8.5-r0
alpine v3.14	python3	=3.1.3-r0 \|\| =3.2.0-r0 \|\| =3.2.3-r0 \|\| =3.3.0-r0 \|\| =3.3.2-r0 \|\| =3.3.3-r0 \|\| =3.3.4-r0 \|\| =3.4.1-r0 \|\| =3.4.2-r0 \|\| =3.4.2-r1 \|\| =3.4.3-r1 \|\| =3.4.3-r2 \|\| =3.5.0-r0 \|\| =3.5.1-r0 \|\| =3.5.1-r1 \|\| =3.5.1-r2 \|\| =3.5.1-r3 \|\| =3.5.2-r0 \|\| =3.5.2-r1 \|\| =3.5.2-r10 \|\| =3.5.2-r2 \|\| =3.5.2-r3 \|\| =3.5.2-r4 \|\| =3.5.2-r5 \|\| =3.5.2-r6 \|\| =3.5.2-r7 \|\| =3.5.2-r8 \|\| =3.5.2-r9 \|\| =3.6.0-r0 \|\| =3.6.1-r0 \|\| =3.6.1-r1 \|\| =3.6.1-r2 \|\| =3.6.1-r3 \|\| =3.6.1-r4 \|\| =3.6.2-r0 \|\| =3.6.2-r1 \|\| =3.6.2-r2 \|\| =3.6.2-r3 \|\| =3.6.3-r3 \|\| =3.6.3-r4 \|\| =3.6.3-r5 \|\| =3.6.3-r6 \|\| =3.6.3-r7 \|\| =3.6.3-r8 \|\| =3.6.3-r9 \|\| =3.6.4-r0 \|\| =3.6.4-r1 \|\| =3.6.6-r0 \|\| =3.6.6-r1 \|\| =3.6.6-r2 \|\| =3.6.6-r3 \|\| =3.6.7-r0 \|\| =3.6.8-r0 \|\| =3.6.8-r1 \|\| =3.6.8-r2 \|\| =3.7.2-r0 \|\| =3.7.3-r0 \|\| =3.7.3-r1 \|\| =3.7.4-r0 \|\| =3.7.5-r0 \|\| =3.7.5-r1 \|\| =3.8.0-r0 \|\| =3.8.1-r0 \|\| =3.8.1-r1 \|\| =3.8.1-r2 \|\| =3.8.1-r3 \|\| =3.8.2-r0 \|\| =3.8.2-r1 \|\| =3.8.2-r2 \|\| =3.8.2-r3 \|\| =3.8.2-r4 \|\| =3.8.2-r5 \|\| =3.8.2-r6 \|\| =3.8.2-r7 \|\| =3.8.3-r0 \|\| =3.8.4-r0 \|\| >=0 <3.8.5-r0	3.8.5-r0
alpine v3.15	python3	=3.1.3-r0 \|\| =3.2.0-r0 \|\| =3.2.3-r0 \|\| =3.3.0-r0 \|\| =3.3.2-r0 \|\| =3.3.3-r0 \|\| =3.3.4-r0 \|\| =3.4.1-r0 \|\| =3.4.2-r0 \|\| =3.4.2-r1 \|\| =3.4.3-r1 \|\| =3.4.3-r2 \|\| =3.5.0-r0 \|\| =3.5.1-r0 \|\| =3.5.1-r1 \|\| =3.5.1-r2 \|\| =3.5.1-r3 \|\| =3.5.2-r0 \|\| =3.5.2-r1 \|\| =3.5.2-r10 \|\| =3.5.2-r2 \|\| =3.5.2-r3 \|\| =3.5.2-r4 \|\| =3.5.2-r5 \|\| =3.5.2-r6 \|\| =3.5.2-r7 \|\| =3.5.2-r8 \|\| =3.5.2-r9 \|\| =3.6.0-r0 \|\| =3.6.1-r0 \|\| =3.6.1-r1 \|\| =3.6.1-r2 \|\| =3.6.1-r3 \|\| =3.6.1-r4 \|\| =3.6.2-r0 \|\| =3.6.2-r1 \|\| =3.6.2-r2 \|\| =3.6.2-r3 \|\| =3.6.3-r3 \|\| =3.6.3-r4 \|\| =3.6.3-r5 \|\| =3.6.3-r6 \|\| =3.6.3-r7 \|\| =3.6.3-r8 \|\| =3.6.3-r9 \|\| =3.6.4-r0 \|\| =3.6.4-r1 \|\| =3.6.6-r0 \|\| =3.6.6-r1 \|\| =3.6.6-r2 \|\| =3.6.6-r3 \|\| =3.6.7-r0 \|\| =3.6.8-r0 \|\| =3.6.8-r1 \|\| =3.6.8-r2 \|\| =3.7.2-r0 \|\| =3.7.3-r0 \|\| =3.7.3-r1 \|\| =3.7.4-r0 \|\| =3.7.5-r0 \|\| =3.7.5-r1 \|\| =3.8.0-r0 \|\| =3.8.1-r0 \|\| =3.8.1-r1 \|\| =3.8.1-r2 \|\| =3.8.1-r3 \|\| =3.8.2-r0 \|\| =3.8.2-r1 \|\| =3.8.2-r2 \|\| =3.8.2-r3 \|\| =3.8.2-r4 \|\| =3.8.2-r5 \|\| =3.8.2-r6 \|\| =3.8.2-r7 \|\| =3.8.3-r0 \|\| =3.8.4-r0 \|\| >=0 <3.8.5-r0	3.8.5-r0
alpine v3.17	python3	=3.1.3-r0 \|\| =3.2.0-r0 \|\| =3.2.3-r0 \|\| =3.3.0-r0 \|\| =3.3.2-r0 \|\| =3.3.3-r0 \|\| =3.3.4-r0 \|\| =3.4.1-r0 \|\| =3.4.2-r0 \|\| =3.4.2-r1 \|\| =3.4.3-r1 \|\| =3.4.3-r2 \|\| =3.5.0-r0 \|\| =3.5.1-r0 \|\| =3.5.1-r1 \|\| =3.5.1-r2 \|\| =3.5.1-r3 \|\| =3.5.2-r0 \|\| =3.5.2-r1 \|\| =3.5.2-r10 \|\| =3.5.2-r2 \|\| =3.5.2-r3 \|\| =3.5.2-r4 \|\| =3.5.2-r5 \|\| =3.5.2-r6 \|\| =3.5.2-r7 \|\| =3.5.2-r8 \|\| =3.5.2-r9 \|\| =3.6.0-r0 \|\| =3.6.1-r0 \|\| =3.6.1-r1 \|\| =3.6.1-r2 \|\| =3.6.1-r3 \|\| =3.6.1-r4 \|\| =3.6.2-r0 \|\| =3.6.2-r1 \|\| =3.6.2-r2 \|\| =3.6.2-r3 \|\| =3.6.3-r3 \|\| =3.6.3-r4 \|\| =3.6.3-r5 \|\| =3.6.3-r6 \|\| =3.6.3-r7 \|\| =3.6.3-r8 \|\| =3.6.3-r9 \|\| =3.6.4-r0 \|\| =3.6.4-r1 \|\| =3.6.6-r0 \|\| =3.6.6-r1 \|\| =3.6.6-r2 \|\| =3.6.6-r3 \|\| =3.6.7-r0 \|\| =3.6.8-r0 \|\| =3.6.8-r1 \|\| =3.6.8-r2 \|\| =3.7.2-r0 \|\| =3.7.3-r0 \|\| =3.7.3-r1 \|\| =3.7.4-r0 \|\| =3.7.5-r0 \|\| =3.7.5-r1 \|\| =3.8.0-r0 \|\| =3.8.1-r0 \|\| =3.8.1-r1 \|\| =3.8.1-r2 \|\| =3.8.1-r3 \|\| =3.8.2-r0 \|\| =3.8.2-r1 \|\| =3.8.2-r2 \|\| =3.8.2-r3 \|\| =3.8.2-r4 \|\| =3.8.2-r5 \|\| =3.8.2-r6 \|\| =3.8.2-r7 \|\| =3.8.3-r0 \|\| =3.8.4-r0 \|\| >=0 <3.8.5-r0	3.8.5-r0
alpine v3.20	python3	=3.1.3-r0 \|\| =3.2.0-r0 \|\| =3.2.3-r0 \|\| =3.3.0-r0 \|\| =3.3.2-r0 \|\| =3.3.3-r0 \|\| =3.3.4-r0 \|\| =3.4.1-r0 \|\| =3.4.2-r0 \|\| =3.4.2-r1 \|\| =3.4.3-r1 \|\| =3.4.3-r2 \|\| =3.5.0-r0 \|\| =3.5.1-r0 \|\| =3.5.1-r1 \|\| =3.5.1-r2 \|\| =3.5.1-r3 \|\| =3.5.2-r0 \|\| =3.5.2-r1 \|\| =3.5.2-r10 \|\| =3.5.2-r2 \|\| =3.5.2-r3 \|\| =3.5.2-r4 \|\| =3.5.2-r5 \|\| =3.5.2-r6 \|\| =3.5.2-r7 \|\| =3.5.2-r8 \|\| =3.5.2-r9 \|\| =3.6.0-r0 \|\| =3.6.1-r0 \|\| =3.6.1-r1 \|\| =3.6.1-r2 \|\| =3.6.1-r3 \|\| =3.6.1-r4 \|\| =3.6.2-r0 \|\| =3.6.2-r1 \|\| =3.6.2-r2 \|\| =3.6.2-r3 \|\| =3.6.3-r3 \|\| =3.6.3-r4 \|\| =3.6.3-r5 \|\| =3.6.3-r6 \|\| =3.6.3-r7 \|\| =3.6.3-r8 \|\| =3.6.3-r9 \|\| =3.6.4-r0 \|\| =3.6.4-r1 \|\| =3.6.6-r0 \|\| =3.6.6-r1 \|\| =3.6.6-r2 \|\| =3.6.6-r3 \|\| =3.6.7-r0 \|\| =3.6.8-r0 \|\| =3.6.8-r1 \|\| =3.6.8-r2 \|\| =3.7.2-r0 \|\| =3.7.3-r0 \|\| =3.7.3-r1 \|\| =3.7.4-r0 \|\| =3.7.5-r0 \|\| =3.7.5-r1 \|\| =3.8.0-r0 \|\| =3.8.1-r0 \|\| =3.8.1-r1 \|\| =3.8.1-r2 \|\| =3.8.1-r3 \|\| =3.8.2-r0 \|\| =3.8.2-r1 \|\| =3.8.2-r2 \|\| =3.8.2-r3 \|\| =3.8.2-r4 \|\| =3.8.2-r5 \|\| =3.8.2-r6 \|\| =3.8.2-r7 \|\| =3.8.3-r0 \|\| =3.8.4-r0 \|\| >=0 <3.8.5-r0	3.8.5-r0

1-10 of 26

Aliases

1. CVE-2019-209072. NVD-2019-209073. OSV-ALPINE-2019-209074. OSV-2019-209075. OSV-DEBIAN-2019-209076. SECURITY-CVE-2019-209077. SECURITY-TRACKER-CVE-2019-20907

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.