In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation.
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Python | Python | 3.5.0 (including) | 3.5.10 (excluding) |
Python | Python | 3.6.0 (including) | 3.6.12 (excluding) |
Python | Python | 3.7.0 (including) | 3.7.9 (excluding) |
Python | Python | 3.8.0 (including) | 3.8.5 (excluding) |
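
A defensive sketch for services that must open untrusted archives on an interpreter that may still be in the ranges above (an added example, not code from CPython or from this advisory). It checks the running version against the table and parses the archive in a child process with a time limit, so a header loop in `tarfile.open` cannot hang the caller. The names `is_affected`, `list_members` and `TarRejected` are hypothetical, and the 5 second default is an assumption; upgrading to a fixed release remains the actual remedy.

```python
import json
import subprocess
import sys

# Affected ranges from the table above: (first affected, first fixed).
AFFECTED = [((3, 5, 0), (3, 5, 10)), ((3, 6, 0), (3, 6, 12)),
            ((3, 7, 0), (3, 7, 9)), ((3, 8, 0), (3, 8, 5))]


def is_affected(version=None):
    """True if a (major, minor, micro) tuple falls in a listed range."""
    v = tuple(version or sys.version_info[:3])
    return any(lo <= v < hi for lo, hi in AFFECTED)


# Child program: open the archive and print its member names as JSON.
_CHILD = (
    "import json, sys, tarfile\n"
    "with tarfile.open(sys.argv[1]) as tf:\n"
    "    print(json.dumps(tf.getnames()))\n"
)


class TarRejected(Exception):
    """Raised when the archive cannot be parsed within the limits."""


def list_members(path, timeout=5.0):
    """List archive members in a child process bounded by a timeout."""
    try:
        # -I: isolated mode, ignores environment variables and user site dir.
        proc = subprocess.run([sys.executable, "-I", "-c", _CHILD, path],
                              capture_output=True, text=True, timeout=timeout)
    except subprocess.TimeoutExpired:
        # subprocess.run kills the child before re-raising the timeout.
        raise TarRejected("parsing exceeded %.1fs; possible header loop" % timeout)
    if proc.returncode != 0:
        raise TarRejected("not a readable tar archive")
    return json.loads(proc.stdout)
```
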