QwikSec

Security Database

CVE

CWE

Training

CVE-2025-13462

Published: Mar 12, 2026

Modified: Jun 4, 2026

PUBLISHED

Description

The "tarfile" module would still apply normalization of AREGTYPE (\x00) blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPE_LONGNAME or GNUTYPE_LONGLINK. This could result in a crafted tar archive being misinterpreted by the tarfile module compared to other implementations.

Vendor	Product	Versions
Python Software Foundation	CPython	affected `0 - < 3.13.13` affected `3.14.0 - < 3.14.4` affected `3.15.0a1 - < 3.15.0a8`

References

https://github.com/python/cpython/pull/143934

patch

https://github.com/python/cpython/issues/141707

issue-tracking

https://mail.python.org/archives/list/[email protected]/thread/EOMI5I66ZMKQ2INNFT6T7IAIKUGPZYIE/

vendor-advisory

https://github.com/python/cpython/commit/42d754e34c06e57ad6b8e7f92f32af679912d8ab

patch

https://github.com/python/cpython/commit/7ad3093d76a748af55bdb1d2e8aad3638163b017

patch

https://github.com/python/cpython/commit/ae99fe3a33b43e303a05f012815cef60b611a9c7

patch

https://github.com/python/cpython/commit/72dde1016493c52abe857fc4a7bf6c40138b4114

patch

https://github.com/python/cpython/commit/9a23b753552afa28e3a2f4d8863572fc66479406

patch

https://github.com/python/cpython/commit/d10950739a78f54d0718d88fb5a868374603c084

patch

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.