Skip to content

Add fuzzing to zipfile and tarfile modules #141048

New issue
New issue
Open
Open
Add fuzzing to zipfile and tarfile modules#141048
Assignees
sethmlarson
Labels
stdlibStandard Library Python modules in the Lib/ directorytype-securityA security issue
@sethmlarson

Description

@sethmlarson
sethmlarson
opened on Nov 5, 2025

The zipfile and tarfile modules both are used to process potentially untrusted inputs from the internet, most relevantly through Python packaging. zipfile and tarfile have security-focused settings to allow unpacking archives into specific directories with the expectation that the contents only affect the directory being unpacked into and not other directories. This gives an easy target to evaluate, whether the filesystem beyond the target directory is modified.

Metadata

Metadata

Assignees

Labels

stdlibStandard Library Python modules in the Lib/ directorytype-securityA security issue

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions