CVE-2007-4559

CRITICALCVSS 9.8

9.8

Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.

📋 Advisory Details (7)

Auto-updated May 1, 2026

Patch available. Sources: redhat.

generic

Samba: Multiple Vulnerabilities (GLSA 202309-06) — Gentoo security

https://security.gentoo.org/glsa/202309-06

generic

[SECURITY] Fedora 40 Update: python3.6-3.6.15-27.fc40 - package-announce - Fedora mailing-lists

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KA4Z44ZAI4SY7THCFBUDNT5EEFO4XQ3A/

generic

[SECURITY] Fedora 39 Update: python3.6-3.6.15-27.fc39 - package-announce - Fedora mailing-lists

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FI55PGL47ES3OU2FQPGEHOI2EK3S2OBH/

generic

[SECURITY] Fedora 38 Update: python3.6-3.6.15-27.fc38 - package-announce - Fedora mailing-lists

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CVBB7NU3YIRRDOKLYVN647WPRR3IAKR6/

redhat✅ Patch Available

263261 – (CVE-2007-4559) CVE-2007-4559 python: tarfile module directory traversal

Affected: Red Hat Enterprise Linux 9

https://bugzilla.redhat.com/show_bug.cgi?id=263261

generic

VUPEN Security - Vulnerability Research and Intelligence

http://www.vupen.com/english/advisories/2007/3022

generic

About Secunia Research | Flexera

http://secunia.com/advisories/26623

Is Your Infrastructure Affected by CVE-2007-4559?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2007-4559

📅 Published

🔄 Last Modified

📋 Advisory Details (7)

Samba: Multiple Vulnerabilities (GLSA 202309-06) — Gentoo security

[SECURITY] Fedora 40 Update: python3.6-3.6.15-27.fc40 - package-announce - Fedora mailing-lists

[SECURITY] Fedora 39 Update: python3.6-3.6.15-27.fc39 - package-announce - Fedora mailing-lists

[SECURITY] Fedora 38 Update: python3.6-3.6.15-27.fc38 - package-announce - Fedora mailing-lists

263261 – (CVE-2007-4559) CVE-2007-4559 python: tarfile module directory traversal

VUPEN Security - Vulnerability Research and Intelligence

About Secunia Research | Flexera

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2007-4559?