CVE-2025-13462

EUVD-2025-208613
The "tarfile" module would still apply normalization of AREGTYPE (\x00) blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPE_LONGNAME or GNUTYPE_LONGLINK. This could result in a crafted tar archive being misinterpreted by the tarfile module compared to other implementations.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
UNKNOWN
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
python2.7
bionic
needs-triage
focal
needs-triage
jammy
needs-triage
noble
dne
questing
dne
trusty
needs-triage
xenial
needs-triage
python3.4
jammy
dne
noble
dne
questing
dne
trusty
needs-triage
python3.5
jammy
dne
noble
dne
questing
dne
trusty
needs-triage
xenial
needs-triage
python3.6
bionic
needs-triage
jammy
dne
noble
dne
questing
dne
python3.7
bionic
needs-triage
jammy
dne
noble
dne
questing
dne
python3.8
bionic
needs-triage
focal
needs-triage
jammy
dne
noble
dne
questing
dne
python3.9
focal
needs-triage
jammy
dne
noble
dne
questing
dne
python3.10
jammy
needs-triage
noble
dne
questing
dne
python3.11
jammy
needs-triage
noble
dne
questing
dne
python3.12
jammy
dne
noble
needs-triage
questing
dne
python3.13
jammy
dne
noble
dne
questing
needs-triage
python3.14
jammy
dne
noble
dne
questing
needs-triage
Common Weakness Enumeration
References
https://github.com/python/cpython/issues/141707
https://github.com/python/cpython/pull/143934
https://mail.python.org/archives/list/security-announce@python.org/thread/EOMI5I66ZMKQ2INNFT6T7IAIKUGPZYIE/