Infinite loop in tarfile module while opening a crafted file
Infinite loop in tarfile module while opening a crafted TAR archive in the PAX format with a length of zero.
Avoid infinite loop when reading specially crafted TAR files using the tarfile module (CVE-2019-20907).
- Disclosure date: 2019-12-10 (Python issue bpo-39017 reported)
- Python 3.6 (need release)
- Python 3.7 (need release)
[CVE-2019-20907] Infinite loop in the tarfile module.
- Python issue: bpo-39017
- Creation date: 2019-12-10
- Reporter: jvoisin
In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation.
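As an added illustration (not code from this advisory or from CPython), the parser below mirrors the record loop of tarfile._proc_pax over the data block of a PAX extended header: each iteration advances by the record's declared length, so a declared length of zero never advances and loops forever. The function rejects that record up front, as the fix does, and adds a bounds check of its own; the record bytes used are constructed samples.

```python
import re

# One PAX extended-header record looks like "<length> <keyword>=<value>\n", where
# <length> is the decimal size of the whole record including the length digits,
# the space, the keyword, "=", the value and the trailing newline.
_PAX_RECORD_RE = re.compile(rb"(\d+) ([^=]+)=")


class InvalidPaxHeader(ValueError):
    """Raised when a PAX record is malformed instead of looping on it."""


def parse_pax_records(buf: bytes) -> dict:
    """Parse a PAX extended-header data block into {keyword: value}.

    Structure follows the loop in tarfile._proc_pax. A record whose declared
    length is 0 would leave `pos` unchanged forever (CVE-2019-20907), so it is
    rejected; the "record must fit in the buffer" check is an extra added here.
    """
    records = {}
    pos = 0
    while True:
        match = _PAX_RECORD_RE.match(buf, pos)
        if not match:
            break
        length_digits, keyword = match.groups()
        length = int(length_digits)
        if length == 0:
            raise InvalidPaxHeader("PAX record with length 0 at offset %d" % pos)
        if pos + length > len(buf):
            raise InvalidPaxHeader("PAX record at offset %d overruns header" % pos)
        # Value runs from after "=" up to (but excluding) the trailing newline.
        value = buf[match.end(2) + 1 : pos + length - 1]
        records[keyword.decode("utf-8")] = value.decode("utf-8")
        pos += length  # only a positive length guarantees progress
    return records


def pax_block_is_safe(buf: bytes) -> bool:
    """True if every record advances the parser, False if it would never terminate."""
    try:
        parse_pax_records(buf)
    except InvalidPaxHeader:
        return False
    return True


# Constructed samples: a well-formed block and one carrying a zero-length record.
GOOD_BLOCK = b"16 path=foo/bar\n14 size=12345\n"
ZERO_LENGTH_BLOCK = b"0 path=x\n"
```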
Timeline using the disclosure date 2019-12-10 as reference:
- 2019-12-10: Python issue bpo-39017 reported by jvoisin
- 2020-07-13 (+216 days): CVE-2019-20907 published
- 2020-07-15 (+218 days): commit 47a2955 (branch 3.6)
- 2020-07-15 (+218 days): commit 5a8d121 (branch 3.1)
- 2020-07-15 (+218 days): commit 79c6b60 (branch 3.7)
- 2020-07-15 (+218 days): commit c554795 (branch 3.8)
- 2020-07-15 (+218 days): commit f323229 (branch 3.9)
- 2020-07-16 (+219 days): commit cac9ca8 (branch 3.5)
- 2020-07-21 (+224 days): Python 3.8.5 released
- 2020-09-05 (+270 days): Python 3.5.10 released