Acknowledged
Created: Jun 4, 2025
Updated: Jul 4, 2025
Found In Version: 10.24.33.1
Severity: Standard
Applicable for: Wind River Linux LTS 24
Component/s: Userspace
When using TarFile.errorlevel = 0 and extracting with a filter, the documented behavior is that any filtered members would be skipped and not extracted. However, the actual behavior of TarFile.errorlevel = 0 in affected versions is that the member would still be extracted and not skipped.
CREATE(Triage):(User=lchen-cn) CVE-2025-4435 (https://nvd.nist.gov/vuln/detail/CVE-2025-4435)