Zero Day Monitor (ZDM) © 2026
CVE-2025-13462 (PATCHED)
Python Software Foundation · CPython

tarfile: Skip DIRTYPE normalization during GNU LONGNAME/LONGLINK handling

Description

The "tarfile" module would still apply normalization of AREGTYPE (\x00) blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPE_LONGNAME or GNUTYPE_LONGLINK. This could result in a crafted tar archive being misinterpreted by the tarfile module compared to other implementations.

Affected Products

Vendor                      Product   Versions
Python Software Foundation  CPython   0, 3.14.0, 3.15.0a1

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor       Product    Source          Confidence
open source  python     cert_advisory   90%
suse         opensuse   cert_advisory   90%

References

  • https://github.com/python/cpython/pull/143934 (patch)
  • https://github.com/python/cpython/issues/141707 (issue-tracking)
  • https://mail.python.org/archives/list/security-announce@python.org/thread/EOMI5I66ZMKQ2INNFT6T7IAIKUGPZYIE/ (vendor-advisory)
  • https://github.com/python/cpython/commit/42d754e34c06e57ad6b8e7f92f32af679912d8ab (patch)
  • https://github.com/python/cpython/commit/7ad3093d76a748af55bdb1d2e8aad3638163b017 (patch)
  • https://github.com/python/cpython/commit/ae99fe3a33b43e303a05f012815cef60b611a9c7 (patch)

Related News (1 article)

Tier B
BSI Advisories, 3d ago
[UPDATE] [low] CPython: Vulnerability allows manipulation of files
→ No new info (linked only)

CISA KEV: No
Actively exploited: No
Patch available: 3.14.4, 3.15.0a8
Published: Mar 12, 2026
Last enriched: 9d ago
Trending Score: 12
Source articles: 1
Independent: 1
Info Completeness: 4/14
Missing: vendor, product, versions, cvss, epss, kev, exploit, patch, iocs, mitre_attack

Related CVEs (5)

CVE-2026-34591 (severity HIGH, EXP)
  Poetry Has Wheel Path Traversal Which Can Lead to Arbitrary File Write
  Trending: 38
CVE-2026-1502 (severity HIGH)
  HTTP client proxy tunnel headers not validated for CR/LF
  Trending: 27
CVE-2026-3446 (severity NONE)
  Base64 decoding stops at first padded quad by default
  Trending: 20
CVE-2026-4519 (severity NONE, EXP)
  webbrowser.open() allows leading dashes in URLs
  Trending: 14
CVE-2026-3644 (severity NONE)
  Incomplete control character validation in http.cookies
  Trending: 5

Verification

State: verified
Confidence: 100%

Vulnerability Timeline

CVE Published: Mar 12, 2026
Discovered by ZDM: Apr 1, 2026
Patch Available: Apr 7, 2026