CVE-2007-4559 PoC — Python tarfile 模块路径遍历漏洞

Source

https://github.com/depers-rus/CVE-2007-4559

Associated Vulnerability

Title:Python tarfile 模块路径遍历漏洞 (CVE-2007-4559)
Description:Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.

Readme

# PoC or Exploit for CVE-2007-4559
A malicious TAR archive can include file paths like ../../../../etc/passwd, which try to "climb up" out of the intended extraction folder.

If a Python script uses tarfile.extract() or extractall() without checking the file paths, it will unpack files to those locations — even if they point outside the target directory.

That means a hacker could overwrite sensitive or system files, especially if the user runs the script with elevated permissions.

# Vulnerable
As of 2025, both Debian 11–12 and Ubuntu 24 are still affected by this vulnerability. Other operating systems haven’t been tested, but these two are among the most widely used, so that alone is concerning. Even though this vulnerability dates back to 2007, it’s still present in LTS (long-term support) versions — and the vulnerable software isn’t patched automatically through a standard apt upgrade.

# Proof
![изображение](https://github.com/user-attachments/assets/0b5aaf01-0ecd-47bd-9f88-a71f8e23dec0)

File Snapshot


 [4.0K]  /data/pocs/3beb6ca03441136a885f372923f6ce7182b47cb0
├── [1.9K]  CVE-2007-4559-PoC.py
└── [1.0K]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!