Summary
There is a defect in the CPython “tarfile” module affecting the “TarFile” extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of maliciously crafted tar archives.
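A pre-parse check for the condition described above, added here as an illustration; it is not code from this advisory or from CPython. It assumes the negative offset originates from a negative size value, either in a header's size field or in a pax `size` record, and it walks only ustar/GNU headers and per-member pax (`x`) headers; `decode_number`, `pax_size`, `scan_tar` and `sample_archive` are hypothetical names.

```python
import io
import tarfile

BLOCK = 512  # tar block size; all names in this example are illustrative

def decode_number(field):
    """Decode a tar numeric field: octal text or signed GNU base-256."""
    if field[:1] in (b"\x80", b"\xff"):
        value = int.from_bytes(field[1:], "big")
        return value - 256 ** (len(field) - 1) if field[0] == 0xFF else value
    text = field.split(b"\0", 1)[0].strip()
    return int(text, 8) if text else 0

def pax_size(payload):
    """Return the pax 'size' record or None; malformed records raise."""
    pos, found = 0, None
    while pos < len(payload):
        length = int(payload[pos:].split(b" ", 1)[0])
        record = payload[pos:pos + max(length, 0)].split(b" ", 1)[1]  # length <= 0 -> IndexError
        if record.startswith(b"size="):
            found = int(record[5:])
        pos += length
    return found

def scan_tar(data):
    """Assumed trigger: a negative size. Return (offset, reason) or None."""
    pos, override = 0, None
    while pos + BLOCK <= len(data) and any(data[pos:pos + BLOCK]):
        kind = data[pos + 156:pos + 157]          # typeflag byte
        try:
            size = decode_number(data[pos + 124:pos + 136])
            if kind not in b"xgLK" and override is not None:
                size, override = override, None   # pax size replaces the header's
            if size < 0:
                return (pos, "negative size")
            if kind == b"x":
                override = pax_size(data[pos + BLOCK:pos + BLOCK + size])
                if override is not None and override < 0:
                    return (pos, "negative pax size record")
        except (ValueError, IndexError):
            return (pos, "malformed numeric field")
        pos += BLOCK + -(-size // BLOCK) * BLOCK  # header plus padded data
    return None

def sample_archive():
    """Constructed benign sample: an in-memory archive with one empty member."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        tar.addfile(tarfile.TarInfo("report.txt"))
    return buf.getvalue()
```

Run `scan_tar` on the raw bytes of an untrusted archive before opening it with `tarfile`; any result other than `None` means the archive should be rejected.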
Impact Details
| OS/Product | Exposure |
| --- | --- |
| ExtremeCloud IQ - Site Engine (XIQ-SE) | Yes |
Repair Recommendations
- Fixed in 25.8.11 or later
Please see the full security advisory here for more details and future updates.