Python
cpe:2.3:a:python:python:*:*:*:*:*:*:*
- >= 3.12, < 3.14
A vulnerability in the Python tarfile module allows extraction filters to be bypassed, enabling symlink targets to point outside the destination directory and modify certain file metadata. This issue affects Python versions 3.12 and later, including the 3.14 release, where the default filter setting was changed to 'data'. The vulnerability arises when extracting untrusted tar archives with the TarFile.extract() or TarFile.extractall() methods, using the filter parameter set to 'data' or 'tar'.
Exploitation of this vulnerability allows for the creation of symbolic links that point outside the extraction directory, potentially leading to unauthorized access or modification of files in other locations. It also enables the manipulation of file metadata, such as modification times and permissions, of files outside the extraction directory.
To reproduce this vulnerability, extract a tar archive using the TarFile.extract() or TarFile.extractall() methods with the filter parameter set to 'data' or 'tar'. Ensure that the tar archive contains symlinks crafted to exploit the filter bypass, such as linking to targets outside the intended extraction directory.
Users can upgrade to Python versions 3.12.11, 3.13.4, 3.14.5 or later, where this vulnerability has been fixed. If an upgrade is not possible, a stricter extraction filter can be applied manually: normalize each link target before extraction and reject any link whose target contains a parent-directory ('..') segment.
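The workaround above as a custom extraction filter, as an added example that is not code from this advisory or from CPython. It assumes the helper names `link_target_escapes`, `strict_link_filter`, `audit_members`, `safe_extract` and `build_archive`, and the sample archive it inspects is constructed in memory for the demonstration. The custom check runs before the standard library's `data` filter (where that filter exists), so it does not depend on the stdlib link handling that the advisory says can be bypassed, and `safe_extract` vets every member before writing anything to disk.

```python
from __future__ import annotations

import io
import os
import posixpath
import tarfile


class UnsafeLinkError(tarfile.TarError):
    """Raised for a link member whose target could resolve outside the extraction root."""


def link_target_escapes(name: str, target: str, symlink: bool = True) -> bool:
    """Return True if a link's target could leave the extraction root.

    Works purely on the archive's (POSIX) paths, no filesystem access needed:
      1. absolute targets (and Windows drive-letter targets) are rejected,
      2. any '..' segment in the raw target is rejected *before* normalisation,
         so '.' segments or doubled separators cannot hide one,
      3. the target is resolved against the link's own directory (symlink) or the
         archive root (hard link) and must stay under the root.
    Conservative by design: an in-tree link such as 'a/b/x -> ../y' is rejected too,
    matching the advisory's workaround of refusing every parent-directory segment.
    """
    target = target.replace("\\", "/")  # treat backslashes as separators (conservative)
    if posixpath.isabs(target) or (len(target) > 1 and target[1] == ":"):
        return True
    if ".." in target.split("/"):
        return True
    if symlink:
        resolved = posixpath.normpath(posixpath.join(posixpath.dirname(name), target))
    else:
        resolved = posixpath.normpath(target)
    # Only the member's own name can still push the resolved path upward here.
    return resolved == ".." or resolved.startswith("../")


def strict_link_filter(member: tarfile.TarInfo, dest_path: str) -> tarfile.TarInfo:
    """Extraction filter: reject escaping links first, then apply the stdlib 'data' filter."""
    if (member.issym() or member.islnk()) and link_target_escapes(
        member.name, member.linkname, member.issym()
    ):
        raise UnsafeLinkError(
            f"{member.name!r}: link target {member.linkname!r} may leave {dest_path!r}"
        )
    stdlib_filter = getattr(tarfile, "data_filter", None)  # 3.12+ and patched 3.8-3.11
    return stdlib_filter(member, dest_path) if stdlib_filter is not None else member


def audit_members(archive: bytes, dest_path: str) -> tuple[list[str], list[str]]:
    """Dry run over an in-memory archive; returns (accepted, rejected) member names."""
    accepted, rejected = [], []
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:") as tar:
        for member in tar.getmembers():
            try:
                strict_link_filter(member, dest_path)
                accepted.append(member.name)
            except tarfile.TarError:  # UnsafeLinkError or a stdlib FilterError
                rejected.append(member.name)
    return accepted, rejected


def safe_extract(archive: bytes, dest_path: str) -> list[str]:
    """Extract only after every member passed the filter, so a bad archive writes nothing."""
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:") as tar:
        members = [strict_link_filter(m, dest_path) for m in tar.getmembers()]
        kwargs = {"filter": strict_link_filter} if hasattr(tarfile, "data_filter") else {}
        tar.extractall(path=dest_path, members=members, **kwargs)
        return [m.name for m in members]


def build_archive(entries) -> bytes:
    """Build an uncompressed tar in memory from (name, kind, payload) tuples (constructed data)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, kind, payload in entries:
            info = tarfile.TarInfo(name)
            if kind == "file":
                data = payload.encode()
                info.size = len(data)
                tar.addfile(info, io.BytesIO(data))
            else:
                info.type = tarfile.SYMTYPE if kind == "symlink" else tarfile.LNKTYPE
                info.linkname = payload
                tar.addfile(info)
    return buf.getvalue()


# Constructed sample archive: three benign members, three escaping links.
SAMPLE_ARCHIVE = build_archive([
    ("pkg/README.txt", "file", "hello\n"),
    ("pkg/latest", "symlink", "README.txt"),            # resolves to pkg/README.txt
    ("pkg/escape", "symlink", "../../etc/passwd"),      # parent-directory escape
    ("pkg/absolute", "symlink", "/etc/passwd"),         # absolute target
    ("pkg/sneaky", "symlink", "docs/./../../outside"),  # '..' hidden behind '.' segments
    ("pkg/alias", "hardlink", "pkg/README.txt"),        # hard link inside the tree
])
DEST = os.path.abspath("extract_root")  # hypothetical destination; the audit never writes to it

if __name__ == "__main__":
    ok, bad = audit_members(SAMPLE_ARCHIVE, DEST)
    print("accepted:", ok)
    print("rejected:", bad)
```

`audit_members` is the safe way to inspect an untrusted archive before deciding to unpack it; `safe_extract` raises `UnsafeLinkError` on the sample archive during vetting, before any file is created.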