CVE-2007-4559 Report - Details, Severity, & Advisories

Twingate Team

May 31, 2024

What is CVE-2007-4559?

CVE-2007-4559 is a medium-severity directory traversal vulnerability affecting the extract and extractall functions in Python's tarfile module. This vulnerability allows attackers to overwrite arbitrary files by exploiting a directory traversal issue when extracting files from TAR archives.

Who is impacted by CVE-2007-4559?

The impacted versions include Python up to 3.6.15, 3.7.0 to 3.8.16, 3.9.0 to 3.9.16, 3.10.0 to 3.10.11, and 3.11.0 to 3.11.3.

What to do if CVE-2007-4559 affected you

If you're affected by the CVE-2007-4559 vulnerability, it's crucial to take action to protect your system. First, ensure you're using a secure version of Python. Next, follow these steps:

  1. Never extract archives from untrusted sources without inspecting them first.

  2. Apply suggested fixes to the tarfile module, as discussed in the Python-Dev mailing list.

  3. Test the updated module to ensure the vulnerability is mitigated.
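
The inspection in step 1, as an added example (not code from this page or from the Python project): it lists every archive member that would write or link outside the destination and refuses to extract if any is found. The helper names `build_archive`, `unsafe_members` and `safe_extract` and the sample member names are assumptions constructed for illustration.

```python
import io
import os
import tarfile

def build_archive(names, symlink=None):
    """Constructed sample input: an in-memory tar with the given member names."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in names:
            info = tarfile.TarInfo(name)
            info.size = 2
            tar.addfile(info, io.BytesIO(b"hi"))
        if symlink:
            link = tarfile.TarInfo(symlink[0])
            link.type, link.linkname = tarfile.SYMTYPE, symlink[1]
            tar.addfile(link)
    return buf.getvalue()

def unsafe_members(tar, dest):
    """Return (name, reason) for each member that would write or point outside dest."""
    root = os.path.realpath(dest)
    inside = lambda p: os.path.commonpath([root, os.path.realpath(p)]) == root
    findings = []
    for m in tar.getmembers():
        target = os.path.join(root, m.name)
        if not inside(target):
            findings.append((m.name, "path escapes destination"))
        elif m.issym() or m.islnk():
            # Symlink targets resolve from the link's directory, hard links from the archive root.
            base = os.path.dirname(target) if m.issym() else root
            if not inside(os.path.join(base, m.linkname)):
                findings.append((m.name, "link target escapes destination"))
        elif m.isdev():
            findings.append((m.name, "device or FIFO node"))
    return findings

def safe_extract(data, dest):
    """Extract only if every member passes inspection; otherwise raise and write nothing."""
    with tarfile.open(fileobj=io.BytesIO(data)) as tar:
        findings = unsafe_members(tar, dest)
        if findings:
            raise ValueError(f"refusing to extract: {findings}")
        # Interpreters that ship extraction filters also enforce this inside tarfile itself.
        kwargs = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
        tar.extractall(dest, **kwargs)

# Constructed member names: one benign, one relative traversal, one absolute path.
SAMPLE_NAMES = ["docs/readme.txt", "../outside.txt", "/tmp/abs.txt"]
```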

Is CVE-2007-4559 in CISA’s Known Exploited Vulnerabilities Catalog?

The CVE-2007-4559 vulnerability is not listed in CISA's Known Exploited Vulnerabilities Catalog.

Weakness Enumeration

The weakness enumeration for this vulnerability is categorized as CWE-22, which involves improper limitation of a pathname to a restricted directory, also known as 'Path Traversal'.

Learn More

For a comprehensive understanding of the vulnerability, including its description, severity, technical details, and known affected software configurations, visit the NVD page or refer to the sources below.
