CVE-2025-13462
tarfile: Skip DIRTYPE normalization during GNU LONGNAME/LONGLINK handling
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
6th
The "tarfile" module would still apply normalization of AREGTYPE (\x00) blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPE_LONGNAME or GNUTYPE_LONGLINK. This could result in a crafted tar archive being misinterpreted by the tarfile module compared to other implementations.
| Vendor | python software foundation |
| Product | cpython |
| Published | Mar 12, 2026 |
| Last Updated | Jun 4, 2026 |
Stay Ahead of the Next One
Get instant alerts for python software foundation cpython
Be the first to know when new unknown vulnerabilities affecting python software foundation cpython are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
Python Software Foundation / CPython
0 < 3.13.13 3.14.0 < 3.14.4 3.15.0a1 < 3.15.0a8
References
github.com: https://github.com/python/cpython/pull/143934 github.com: https://github.com/python/cpython/issues/141707 mail.python.org: https://mail.python.org/archives/list/[email protected]/thread/EOMI5I66ZMKQ2INNFT6T7IAIKUGPZYIE/ github.com: https://github.com/python/cpython/commit/42d754e34c06e57ad6b8e7f92f32af679912d8ab github.com: https://github.com/python/cpython/commit/7ad3093d76a748af55bdb1d2e8aad3638163b017 github.com: https://github.com/python/cpython/commit/ae99fe3a33b43e303a05f012815cef60b611a9c7 github.com: https://github.com/python/cpython/commit/72dde1016493c52abe857fc4a7bf6c40138b4114 github.com: https://github.com/python/cpython/commit/9a23b753552afa28e3a2f4d8863572fc66479406 github.com: https://github.com/python/cpython/commit/d10950739a78f54d0718d88fb5a868374603c084