CVE-2025-8194

There · There Multiple Products

Executive summary

A high-severity vulnerability exists in multiple products from "There" that utilize the CPython "tarfile" module for processing archive files. An attacker could exploit this flaw by crafting a malicious tar file, potentially leading to unauthorized file modification, data exposure, or system crashes when the file is processed by a vulnerable application. Organizations are urged to apply vendor-supplied patches immediately to mitigate the significant risk of system compromise or service disruption.

Vulnerability

The vulnerability resides within the CPython "tarfile" module, a standard-library module used for reading and writing .tar archive files. Specifically, defects in the TarFile extraction and entry enumeration APIs can be triggered when processing a maliciously crafted archive. An attacker can exploit this by creating a .tar file that, when opened or extracted by a vulnerable application, could lead to path traversal (allowing files to be written outside the intended destination directory), denial of service through resource exhaustion, or other unexpected behaviors. Exploitation requires that an application process an attacker-controlled .tar file.

Business impact

This vulnerability is rated as High severity with a CVSS score of 7.5, posing a significant risk to the organization. Successful exploitation could lead to severe consequences, including loss of data integrity and confidentiality if an attacker overwrites critical system files via path traversal. Furthermore, the defect could be leveraged to cause a denial-of-service condition, crashing essential applications and leading to operational downtime. In the most critical scenarios, this vulnerability could be a vector for achieving remote code execution, resulting in a complete compromise of the affected system.

Remediation

Immediate Action: System administrators should immediately apply the security updates provided by the vendor to all affected products. After patching, it is crucial to monitor systems for any signs of attempted exploitation by reviewing application and system logs for errors or anomalous activity related to file extraction.

Proactive Monitoring: Security teams should configure monitoring to detect potential exploitation attempts. This includes watching for application logs indicating failures in .tar file processing, unexpected file write operations to sensitive system directories (e.g., /etc, /bin), and abnormal CPU or memory consumption by processes that handle archives.

Compensating Controls: If patching cannot be immediately deployed, consider the following controls:

  • Sandboxing: Run applications that process .tar files in a restricted, containerized environment with limited filesystem access.
  • Input Validation: If possible, programmatically inspect the contents of .tar archives for malicious path traversal sequences (e.g., ../) before extraction.
  • Disable Functionality: Temporarily disable any application features that allow the processing of user-supplied .tar files until patches can be applied.
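The input-validation control above, as an added example that is not part of this advisory or any vendor's code: every member is checked for absolute paths, `../` traversal and links that resolve outside the destination before anything is written, and on interpreters that expose `tarfile.data_filter` (Python 3.12+ and the security backports; an assumption about the runtime) the built-in `filter="data"` is applied as a second layer. The sample archive is constructed inline.

```python
import io
import os
import tarfile
import tempfile

def unsafe_members(tar: tarfile.TarFile, dest: str) -> list[str]:
    """Return names of members that would land outside `dest` once extracted."""
    root = os.path.realpath(dest)
    inside = lambda p: p == root or p.startswith(root + os.sep)
    flagged = []
    for m in tar.getmembers():
        target = os.path.realpath(os.path.join(root, m.name))
        if os.path.isabs(m.name) or not inside(target):
            flagged.append(m.name)  # absolute path or '../' traversal
        elif m.issym() or m.islnk():
            # a link is only acceptable if what it points to also stays inside dest
            link = os.path.realpath(os.path.join(os.path.dirname(target), m.linkname))
            if not inside(link):
                flagged.append(m.name)
    return flagged

def safe_extract(tar_bytes: bytes, dest: str) -> list[str]:
    """Inspect first; extract only when nothing is flagged. Returns the flagged names."""
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tar:
        flagged = unsafe_members(tar, dest)
        if not flagged:
            if hasattr(tarfile, "data_filter"):  # assumed: Python 3.12+ or a backport
                tar.extractall(dest, filter="data")
            else:
                tar.extractall(dest)
    return flagged

def build_archive(names: list[str]) -> bytes:
    """Constructed sample archive: one small regular file per name."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in names:
            info = tarfile.TarInfo(name)
            info.size = 3
            tar.addfile(info, io.BytesIO(b"ok\n"))
    return buf.getvalue()

def demo() -> tuple[list[str], bool, list[str], bool]:
    """Try a traversal archive, then a benign one; report flags and whether files landed."""
    dest = tempfile.mkdtemp()
    bad = safe_extract(build_archive(["docs/readme.txt", "../../etc/evil.txt"]), dest)
    bad_written = os.path.exists(os.path.join(dest, "docs", "readme.txt"))
    good = safe_extract(build_archive(["docs/readme.txt"]), dest)
    return bad, bad_written, good, os.path.exists(os.path.join(dest, "docs", "readme.txt"))
```

Because the check rejects the whole archive rather than skipping the offending member, a single traversal entry causes nothing at all to be written, which is the behaviour a log-based detection for "failures in .tar file processing" can key on.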

Exploitation status

Public Exploit Available: false

Analyst recommendation

Due to the High severity rating (CVSS 7.5) of this vulnerability, immediate action is required. We recommend that all system owners identify and patch affected products from "There" without delay, prioritizing internet-facing systems and applications that process externally sourced archive files. Although there is no evidence of active exploitation at this time and it is not on the CISA KEV list, the widespread use of the CPython tarfile module makes it an attractive target for attackers. If immediate patching is not feasible, implement the suggested compensating controls, such as sandboxing and input validation, to mitigate the risk of exploitation.