CVE-2007-4559

Updated: 2025-08-20 01:37:37.384801

Description:

Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.
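
The defensive counterpart to the description above, as an added example (not code from this CVE record or from CPython): every member name is resolved against the destination and the whole archive is rejected before `extractall` writes anything. The names `safe_extract`, `checked_members`, `build_tar` and `UnsafeMember` and the sample archives are constructed for illustration; refusing link members outright is a policy choice of this example.

```python
import io
import os
import tarfile
import tempfile

class UnsafeMember(Exception):
    """A member resolves outside the destination, or is a link."""

def _inside(base, target):
    # Resolve symlinks and ".." first, then require target to sit under base.
    base, target = os.path.realpath(base), os.path.realpath(target)
    return os.path.commonpath([base, target]) == base

def checked_members(tar, dest):
    """Validate every member before anything is written; return them all."""
    members = tar.getmembers()
    for m in members:
        # join() lets an absolute member name replace dest, so it fails too.
        if m.issym() or m.islnk() or not _inside(dest, os.path.join(dest, m.name)):
            raise UnsafeMember(m.name)
    return members

def safe_extract(archive_bytes, dest):
    # Also apply the stdlib "data" extraction filter where this Python has it.
    extra = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
    with tarfile.open(fileobj=io.BytesIO(archive_bytes)) as tar:
        members = checked_members(tar, dest)
        tar.extractall(dest, members=members, **extra)
    return [m.name for m in members]

def build_tar(names):
    # Constructed sample archive: one small regular file per name.
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in names:
            info = tarfile.TarInfo(name)
            info.size = 7
            tar.addfile(info, io.BytesIO(b"sample\n"))
    return buf.getvalue()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as dest:
        print(safe_extract(build_tar(["docs/readme.txt"]), dest))
        try:
            safe_extract(build_tar(["docs/a.txt", "../outside.txt"]), dest)
        except UnsafeMember as exc:
            print("rejected:", exc)
```

Because validation covers the full member list first, an archive with one bad name leaves no partially extracted files behind.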


Links: NIST, CIRCL, RHEL, Ubuntu

Severity

| | Severity | Score |
|---|---|---|
| CVSS Version 2.x | MEDIUM | 6.8 |
| CVSS Version 3.x | | 0.0 |

Status

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| EL 9 | python | 3.6 | 0.0 | | Released | CLSA-2025:1749037854 | 2025-06-05 02:31:14 | |
| EL 9 | python | 2.7 | 0.0 | | Ignored | | 2025-07-29 01:45:39 | |
| Ubuntu 16.04 | python | 2.7 | 0.0 | | Ignored | | 2025-10-14 06:44:43 | We have reasoned not to port this fix since it was never backported to 2.x by upstream |
| Ubuntu 16.04 | python | 3.6 | 0.0 | | Released | CLSA-2025:1760366920 | 2025-10-13 17:13:02 | We have reasoned not to port this fix since it was never backported to 2.x by upstream |
| Ubuntu 18.04 | python | 2.7 | 0.0 | | Ignored | | 2025-10-14 06:44:42 | We have reasoned not to port this fix since it was never backported to 2.x by upstream |
| Ubuntu 18.04 | python | 3.6 | 0.0 | | Released | CLSA-2025:1760366999 | 2025-10-13 17:13:01 | We have reasoned not to port this fix since it was never backported to 2.x by upstream |
| Ubuntu 20.04 | python | 2.7 | 0.0 | | Ignored | | 2025-10-14 06:44:41 | We have reasoned not to port this fix since it was never backported to 2.x by upstream |
| Ubuntu 20.04 | python | 3.6 | 0.0 | | Released | CLSA-2025:1760367079 | 2025-10-13 17:13:00 | We have reasoned not to port this fix since it was never backported to 2.x by upstream |
| Ubuntu 22.04 | python | 2.7 | 0.0 | | Ignored | | 2025-10-14 06:44:41 | We have reasoned not to port this fix since it was never backported to 2.x by upstream |
| Ubuntu 22.04 | python | 3.6 | 0.0 | | Released | CLSA-2025:1760367154 | 2025-10-13 17:12:58 | We have reasoned not to port this fix since it was never backported to 2.x by upstream |
Total: 32