Multiple tarfile extraction filter bypasses (filter="tar"/filter="data") (original) (raw)

Bug description:

Public issue for fixing CVE-2025-4517, CVE-2025-4330, CVE-2025-4138, and CVE-2024-12718. See full advisory on security-announce.

[edit @encukou]: Also addresses CVE-2025-4435. Sorry for leaving that out of the commit messages.

CPython versions tested on:

CPython main branch

Operating systems tested on:

No response

Linked PRs

• gh-135034: Normalize link targets in tarfile, add os.path.realpath(strict='allow_missing') #135037
• [3.13] gh-135034: Normalize link targets in tarfile, add os.path.realpath(strict='allow_missing') (GH-135037) #135064
• [3.14] gh-135034: Normalize link targets in tarfile, add os.path.realpath(strict='allow_missing') (gh-135037) #135065
• [3.12] gh-135034: Normalize link targets in tarfile, add os.path.realpath(strict='allow_missing') (GH-135037) #135066
• [3.11] gh-135034: Normalize link targets in tarfile, add os.path.realpath(strict='allow_missing') (GH-135037) #135068
• [3.10] gh-135034: Normalize link targets in tarfile, add os.path.realpath(strict='allow_missing') (GH-135037) #135070
• [3.9] gh-135034: Normalize link targets in tarfile, add os.path.realpath(strict='allow_missing') (GH-135037) #135084
• [3.12] gh-135034: Remove test_realpath_permission #135093