CVE-2026-11972
8.2
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Summary
When using the "tarfile" module with a file opened in "streaming mode" (mode="r|") the tarfile module did not properly handle EOF, making archive parsing take exponentially longer.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Python Software Foundation | CPython | 0 < 3.15.0 | affected |
Weaknesses
- CWE-252: CWE-252
- CWE-606: CWE-606
- CWE-770: CWE-770
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://github.com/python/cpython/issues/151981
- https://github.com/python/cpython/pull/151982
- https://mail.python.org/archives/list/security-announce@python.org/thread/AXPSKKTSRKXTTJULW3XSIC74WZNAAPPB/
- https://github.com/python/cpython/commit/3f031d431f80668e14f3bc066bbf4369cd9281b9
- https://github.com/python/cpython/commit/4ce6bf7c8aa7725828a38981c306f214c1f29365
- https://github.com/python/cpython/commit/7f0dc59c9a70f8f3b4da33d7c4a2ba552a7acc21
- https://github.com/python/cpython/commit/e86666c9dd256d52d0fbef6feb1ea4a51768fdec
- https://github.com/python/cpython/commit/eb63c0f94dfcbea7fda8eab6213818e134d67192
- https://github.com/python/cpython/commit/f50bf13566189c8d0ce5a814f33eff3d89951896
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.