CVE-2025-13462
EUVD-2025-20861312.03.2026, 18:16
The "tarfile" module would still apply normalization of AREGTYPE (\x00) blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPE_LONGNAME or GNUTYPE_LONGLINK. This could result in a crafted tar archive being misinterpreted by the tarfile module compared to other implementations.Enginsight
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| python | cpython | 𝑥 < 3.13.13 | CNA |
| python | cpython | 3.14.0 ≤ 𝑥 < 3.14.4 | CNA |
Ubuntu Releases
Ubuntu Product | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| python2.7 |
| ||||||||||||||||
| python3.4 |
| ||||||||||||||||
| python3.5 |
| ||||||||||||||||
| python3.6 |
| ||||||||||||||||
| python3.7 |
| ||||||||||||||||
| python3.8 |
| ||||||||||||||||
| python3.9 |
| ||||||||||||||||
| python3.10 |
| ||||||||||||||||
| python3.11 |
| ||||||||||||||||
| python3.12 |
| ||||||||||||||||
| python3.13 |
| ||||||||||||||||
| python3.14 |
|
Common Weakness Enumeration
References