When using a TarFile.errorlevel = 0 and extracting with a filter the documented behavior is that any filtered members would be skipped and not extracted. However the actual behavior of TarFile.errorlevel = 0 in affected versions is that the member would still be extracted and not skipped.
The product performs a calculation that generates incorrect or unintended results that are later used in security-critical decisions or resource management.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Python3.12 | Ubuntu | noble | * |
Python3.12 | Ubuntu | oracular | * |
Python3.13 | Ubuntu | oracular | * |
Python3.13 | Ubuntu | plucky | * |
Python3.13 | Ubuntu | upstream | * |
Python3.14 | Ubuntu | devel | * |
Python3.14 | Ubuntu | upstream | * |