NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2026-11972

Summary	When using the "tarfile" module with a file opened in "streaming mode" (mode="r\|") the tarfile module did not properly handle EOF, making archive parsing take exponentially longer.
Publication Date	June 24, 2026, 8:16 a.m.
Registration Date	June 27, 2026, 4:16 a.m.
Last Update	June 26, 2026, 4:51 a.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://github.com/python/cpython/issues/151981	cna@python.org
2	https://github.com/python/cpython/pull/151982	cna@python.org
3	https://mail.python.org/archives/list/security-announce@python.org/thread/AXPSKKTSRKXTTJULW3XSIC74WZNAAPPB/	cna@python.org

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-770	制限またはスロットリング無しのリソースの割り当て	https://cwe.mitre.org/data/definitions/770.html
2	CWE-252	未チェックの戻り値	https://cwe.mitre.org/data/definitions/252.html
3	CWE-606	チェックされていないループ条件の入力値	https://cwe.mitre.org/data/definitions/606.html