Infinite loop in tarfile module while opening a crafted file

Infinite loop in the tarfile module while opening a crafted TAR archive in the PAX format whose extended header declares a record length of zero.

Avoid infinite loop when reading specially crafted TAR files using the tarfile module (CVE-2019-20907).

  • Disclosure date: 2019-12-10 (Python issue bpo-39017 reported)

Fixed In

Vulnerable Versions

  • Python 3.6 (need release)
  • Python 3.7 (need release)

Python issue

[CVE-2019-20907] Infinite loop in the tarfile module.

  • Python issue: bpo-39017
  • Creation date: 2019-12-10
  • Reporter: jvoisin

CVE-2019-20907

In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation.
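The loop that the CVE text refers to walks the PAX extended header record by record, advancing by each record's declared length; a declared length of zero never moves the cursor, so the loop spins forever. The parser below is an added illustration of the validation that was missing, written for this page; it is not CPython's `_proc_pax` and does not reuse its code. It assumes the standard PAX record layout (`<length> <keyword>=<value>\n`, where `<length>` counts the whole record including the digits and the newline) and uses constructed sample records, so it runs offline without any archive on disk.

```python
import re

# Each PAX extended header record is "<length> <keyword>=<value>\n".
# <length> is decimal and counts the entire record: its own digits,
# the separating space, the keyword, '=', the value and the newline.
_RECORD_RE = re.compile(rb"(\d+) ([^=]+)=")


class InvalidPaxHeader(ValueError):
    """Raised when a PAX extended header record is malformed."""


def parse_pax_records(buf: bytes) -> dict:
    """Parse PAX extended header records into a keyword -> value dict.

    The hardening point: a record's declared length must be strictly
    larger than the prefix already consumed ("<length> <keyword>="), so
    the cursor always moves forward.  A declared length of zero, the
    CVE-2019-20907 case, is rejected instead of being looped on.
    """
    records = {}
    pos = 0
    while pos < len(buf):
        match = _RECORD_RE.match(buf, pos)
        if not match:
            # Trailing NUL padding up to the block boundary is normal;
            # any other leftover bytes mean the header is malformed.
            if buf[pos:].strip(b"\0"):
                raise InvalidPaxHeader("garbage at offset %d" % pos)
            break
        length = int(match.group(1))
        keyword = match.group(2)
        prefix_len = match.end() - pos  # digits + space + keyword + '='
        # Must cover at least the prefix plus the terminating newline;
        # this also rejects length == 0, which would never advance pos.
        if length <= prefix_len:
            raise InvalidPaxHeader(
                "record at offset %d declares length %d, too short"
                % (pos, length))
        end = pos + length
        if end > len(buf) or buf[end - 1:end] != b"\n":
            raise InvalidPaxHeader(
                "record at offset %d is truncated or unterminated" % pos)
        value = buf[match.end():end - 1]
        records[keyword.decode("utf-8", "surrogateescape")] = \
            value.decode("utf-8", "surrogateescape")
        pos = end  # strictly increases because length > prefix_len
    return records


def make_pax_record(keyword: str, value: str) -> bytes:
    """Build one well-formed record (constructed test data, not from any archive).

    The length field counts itself, so the number of digits it occupies
    feeds back into the value; iterate to the fixed point.
    """
    body = (" %s=%s\n" % (keyword, value)).encode("utf-8")
    n = len(body)
    length = n + len(str(n))
    while len(str(length)) + n != length:
        length = n + len(str(length))
    return str(length).encode("ascii") + body


def rejects(buf: bytes) -> bool:
    """True if the parser refuses buf instead of hanging or returning."""
    try:
        parse_pax_records(buf)
    except InvalidPaxHeader:
        return True
    return False


if __name__ == "__main__":
    # Constructed sample: two valid records followed by block padding.
    sample = (make_pax_record("path", "very/long/name.txt")
              + make_pax_record("size", "12345") + b"\0" * 16)
    print(parse_pax_records(sample))
    # A record claiming length 0 is refused rather than looped on.
    print("zero-length record rejected:", rejects(b"0 path=x\n"))
```

The strict inequality `length > prefix_len` is the whole mitigation: it guarantees `pos` advances on every iteration, so termination no longer depends on the archive being honest. The truncation check is a separate guard against a record whose length points past the buffer, which is not part of this CVE but is the other way a length field can be wrong.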

Timeline

Timeline using the disclosure date 2019-12-10 as reference: