Python
cpe:2.3:a:python:python:*:*:*:*:*:*:*
- >= 3.12, < 3.14
A vulnerability in the Python tarfile module allows arbitrary filesystem writes outside the extraction directory when untrusted tar archives are extracted with the filter parameter set to 'data'. This issue affects Python versions 3.12 and later, including 3.14, where the default filter value changed to 'data'. The vulnerability arises because the 'data' extraction filter can be bypassed with crafted symlink and hard link entries, allowing path traversal during extraction.
Exploitation of this vulnerability allows for arbitrary writes to the filesystem outside the designated extraction directory, potentially overwriting important files or creating malicious symlinks that could be exploited later.
To reproduce this vulnerability, use the tarfile module to extract an archive with the 'data' filter applied. Before extraction, ensure that the archive contains crafted symlinks or hard links that point outside the extraction directory. After extraction, check for any unauthorized writes or modifications in the filesystem.
Users can upgrade to a fixed version of Python or apply the provided patch. If neither option is available, links with parent directory segments should be rejected before extraction.