CVE-2025-13462
tarfile: Skip DIRTYPE normalization during GNU LONGNAME/LONGLINK handling
| CVSS Score | 0.0 |
| EPSS Score | 0.0% |
| EPSS Percentile | 2nd |
The "tarfile" module would still apply normalization of AREGTYPE (\x00) blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPE_LONGNAME or GNUTYPE_LONGLINK. This could result in a crafted tar archive being misinterpreted by the tarfile module compared to other implementations.
| Vendor | python software foundation |
| Product | cpython |
| Published | Mar 12, 2026 |
| Last Updated | Apr 7, 2026 |
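The header pattern from the description can be checked for before an archive reaches an affected interpreter. The scanner below is an added example, not CPython's code or the upstream fix. It assumes the normalization in question is tarfile's V7 compatibility rule (an AREGTYPE header whose 100-byte name field ends in "/" is read as a directory); `find_ambiguous_members`, `make_header` and `make_sample` are hypothetical names, and the sample blocks are constructed with only name, size and typeflag filled in (no checksum).

```python
import tarfile

BLOCK = 512
GNU_LONG = (tarfile.GNUTYPE_LONGNAME, tarfile.GNUTYPE_LONGLINK)  # b"L", b"K"

def find_ambiguous_members(data: bytes) -> list[int]:
    """Offsets of headers that directly follow a GNU L/K member, carry
    typeflag \\x00 (AREGTYPE) and have a name field ending in "/"."""
    findings, offset, after_long = [], 0, False
    while offset + BLOCK <= len(data):
        hdr = data[offset:offset + BLOCK]
        if hdr == bytes(BLOCK):                      # zero block: end of archive
            break
        name = hdr[0:100].split(b"\0", 1)[0]
        typeflag = hdr[156:157]
        try:
            size = int(hdr[124:136].strip(b"\0 ") or b"0", 8)
        except ValueError:                           # base-256 or corrupt size field
            break
        if after_long and typeflag == tarfile.AREGTYPE and name.endswith(b"/"):
            findings.append(offset)
        after_long = typeflag in GNU_LONG
        # Simplification: every header is advanced by its size field.
        offset += BLOCK + -(-size // BLOCK) * BLOCK  # header + padded data
    return findings

def make_header(name: bytes, typeflag: bytes, size: int = 0) -> bytes:
    """Constructed header block: only name, size and typeflag are set."""
    blk = bytearray(BLOCK)
    field = name[:100]                               # name field is 100 bytes
    blk[0:len(field)] = field
    blk[124:136] = b"%011o\0" % size
    blk[156:157] = typeflag
    return bytes(blk)

def make_sample(real_type: bytes) -> bytes:
    """Constructed L-member followed by the header it renames."""
    long_name = b"a" * 99 + b"/file.txt"             # truncated field ends in "/"
    payload = (long_name + b"\0").ljust(BLOCK, b"\0")
    return (make_header(b"././@LongLink", tarfile.GNUTYPE_LONGNAME,
                        len(long_name) + 1)
            + payload + make_header(long_name, real_type))

if __name__ == "__main__":
    print(find_ambiguous_members(make_sample(tarfile.AREGTYPE)))  # flagged
    print(find_ambiguous_members(make_sample(tarfile.REGTYPE)))   # not flagged
```

A non-empty result marks an archive that an affected tarfile and other implementations may read differently; a plain V7 directory entry that does not follow an L/K member is not reported.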
Affected Versions
Python Software Foundation / CPython
0 < 3.13.13
3.14.0 < 3.14.4
3.15.0a1 < 3.15.0a8
References
github.com: https://github.com/python/cpython/pull/143934
github.com: https://github.com/python/cpython/issues/141707
mail.python.org: https://mail.python.org/archives/list/[email protected]/thread/EOMI5I66ZMKQ2INNFT6T7IAIKUGPZYIE/
github.com: https://github.com/python/cpython/commit/42d754e34c06e57ad6b8e7f92f32af679912d8ab
github.com: https://github.com/python/cpython/commit/7ad3093d76a748af55bdb1d2e8aad3638163b017
github.com: https://github.com/python/cpython/commit/ae99fe3a33b43e303a05f012815cef60b611a9c7