发布时间: 2025年9月5日
修改时间: 2025年9月12日
There is a defect in the CPython 'tarfile' module affecting the 'TarFile' extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of maliciously crafted tar archives.
| NVD | openEuler | |
|---|---|---|
| Confidentiality | None | |
| Attack Vector | Network | |
| CVSS评分 | N/A | 7.5 |
| Attack Complexity | Low | |
| Privileges Required | None | |
| Scope | Unchanged | |
| Integrity | None | |
| User Interaction | None | |
| Availability | High |
| 公告名 | 概要 | 发布时间 |
|---|---|---|
| KylinSec-SA-2025-2858 | python3 security update | 2025年9月12日 |
| 产品 | 包 | 状态 |
|---|---|---|
| V6 | python3 | Fixed |
| KY3.5.3 | python3 | Fixed |
| KY3.5.2 | python3 | Fixed |
