Fluid Attacks Database

Description

A flaw was found in the Python tarfile module. Extracting a crafted TAR archive with the tarfile.extract or tarfile.extractall functions could lead to a directory traversal vulnerability, resulting in overwrite of arbitrary files.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
rpm rhel7	python	-	-
rpm rhel8.6	python-pip	<0:9.0.3-22.1.el8_6	0:9.0.3-22.1.el8_6
rpm rhel7	python3	-	-
rpm rhel9	python3.9	<0:3.9.18-1.el9_3	0:3.9.18-1.el9_3
rpm rhel8	python38	<0:3.8.17-2.module+el8.9.0+19642+a12b4af6	0:3.8.17-2.module+el8.9.0+19642+a12b4af6
rpm rhel8	python39	<0:3.9.18-1.module+el8.9.0+20024+793d7211	0:3.9.18-1.module+el8.9.0+20024+793d7211
rpm rhel8.8	python-pip	<0:9.0.3-22.1.el8_8	0:9.0.3-22.1.el8_8
rpm rhel9	python3.11-pip	<0:22.3.1-4.el9	0:22.3.1-4.el9
rpm rhel8.6	python3	<0:3.6.8-47.el8_6.4	0:3.6.8-47.el8_6.4
rpm rhel8	python3	<0:3.6.8-56.el8_9	0:3.6.8-56.el8_9

1-10 of 19

Aliases

1. CVE-2007-45592. NVD-2007-45593. OSV-2007-4559

References

1. https://github.com/advanced-threat-research/Creosote

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.