
A Python vulnerability left unfixed for 15 years has been rediscovered

Python never closed a vulnerability discovered back in 2007, according to Bleeping Computer. More than 350,000 open-source projects are now under attack.


The existence of the vulnerability was never a secret: it was found in late August 2007, but it was not publicly disclosed and was never given a severity rating, only an identifier, CVE-2007-4559. The flaw lies in Python's tarfile package, wherever tarfile.extract() or tarfile.extractall() is called on an archive without validating the member paths. It can be used to overwrite or capture files on the victim's computer when a vulnerable application opens a malicious tar archive through tarfile.

The rediscovery of the vulnerability is credited to security researchers at Trellix. While investigating another problem in Python, they turned their attention to CVE-2007-4559 and assessed how dangerous the finding was. The researchers took 257 repositories and manually checked 175 of them; the flaw turned out to be present in 61% of those.

Trellix staff have prepared fixes for just over 11,000 projects on GitHub, which will be made available in a branch of each affected repository and then offered to the main project as a pull request. In addition, more than 70,000 further projects are due to receive a patch in the near future.


The Python Software Foundation has neither fixed the problem nor warned developers about it for 15 years. At this point the flaw is still not fixed, although the Python developers have added a warning to the documentation that opening archives from untrusted sources can be dangerous.
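As an added illustration of the check the article describes as missing, the following example (written for this page, not code from Trellix, the PSF or the article) refuses to call extractall() when any member of an archive would resolve outside the destination directory, covering '..' and absolute names as well as symlink and hardlink targets. The sample archives are constructed in memory and the destination is a temporary directory.

```python
import io
import os
import tarfile
import tempfile

def is_within(base: str, target: str) -> bool:
    """True if target resolves to a location inside base."""
    base, target = os.path.realpath(base), os.path.realpath(target)
    return os.path.commonpath([base, target]) == base

def unsafe_members(tar: tarfile.TarFile, dest: str) -> list:
    """Names of members that would land outside dest ('..'/absolute names, or links pointing outside)."""
    bad = []
    for m in tar.getmembers():
        target = os.path.join(dest, m.name)
        if not is_within(dest, target):
            bad.append(m.name)
        elif m.issym() or m.islnk():
            # symlink targets are relative to the link's directory, hardlink targets to the root
            base = os.path.dirname(target) if m.issym() else dest
            if not is_within(dest, os.path.join(base, m.linkname)):
                bad.append(m.name)
    return bad

def safe_extractall(tar_bytes: bytes, dest: str) -> list:
    """Extract only if every member stays inside dest; return the member names."""
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tar:
        if bad := unsafe_members(tar, dest):
            raise ValueError(f"refusing to extract into {dest}: {bad}")
        tar.extractall(dest)
        return [m.name for m in tar.getmembers()]

def build_sample_archive(names: list) -> bytes:
    """Constructed test data: an in-memory archive holding one 5-byte file per name."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in names:
            info = tarfile.TarInfo(name)
            info.size = 5
            tar.addfile(info, io.BytesIO(b"hello"))
    return buf.getvalue()

def demo() -> dict:
    # the benign archive extracts; the traversal archive is refused before any file is written
    dest = tempfile.mkdtemp()
    good = build_sample_archive(["readme.txt", "docs/notes.txt"])
    evil = build_sample_archive(["readme.txt", "../escaped.txt"])
    out = {"extracted": safe_extractall(good, dest), "blocked": False}
    try:
        safe_extractall(evil, dest)
    except ValueError as e:
        out["blocked"] = "../escaped.txt" in str(e)
    return out
```

Python 3.12 and later also ship an extraction filter for this purpose (`extractall(path, filter="data")`), which performs the same kind of path checks inside the library itself.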
