CVE-2025-13462

ADVISORY - nist

Summary

The "tarfile" module would still apply normalization of AREGTYPE (\x00) blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPE_LONGNAME or GNUTYPE_LONGLINK. This could result in a crafted tar archive being misinterpreted by the tarfile module compared to other implementations.

EPSS Score⁠: 0.00033 (0.093)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-20⁠

Improper Input Validation

CWE-434⁠

Unrestricted Upload of File with Dangerous Type

CWE-74⁠

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Impacted images

Advisories

Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.