Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2025-8194

Опубликовано: 28 июл. 2025
Источник: debian

Описание

There is a defect in the CPython “tarfile” module affecting the “TarFile” extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of maliciously crafted tar archives. This vulnerability can be mitigated by including the following patch after importing the “tarfile” module:  https://gist.github.com/sethmlarson/1716ac5b82b73dbcbf23ad2eff8b33e1

Пакеты

ПакетСтатусВерсия исправленияРелизТип
python3.13fixed3.13.6-1package
python3.13no-dsatrixiepackage
python3.12removedpackage
python3.11removedpackage
python3.11no-dsabookwormpackage
python3.9removedpackage
python3.9postponedbullseyepackage
python2.7removedpackage
python2.7end-of-lifebullseyepackage

Примечания

  • https://github.com/python/cpython/issues/130577

  • https://github.com/python/cpython/pull/137027

  • https://mail.python.org/archives/list/security-announce@python.org/thread/ZULLF3IZ726XP5EY7XJ7YIN3K5MDYR2D/

  • Fixed by: https://github.com/python/cpython/commit/7040aa54f14676938970e10c5f74ea93cd56aa38 (main)

  • Fixed by: https://github.com/python/cpython/commit/cdae923ffe187d6ef916c0f665a31249619193fe (3.13-branch)

Связанные уязвимости

ubuntu логотип

CVE-2025-8194

CVSS3: 7.5
ubuntu
3 месяца назад

There is a defect in the CPython “tarfile” module affecting the “TarFile” extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of maliciously crafted tar archives. This vulnerability can be mitigated by including the following patch after importing the “tarfile” module: https://gist.github.com/sethmlarson/1716ac5b82b73dbcbf23ad2eff8b33e1

redhat логотип

CVE-2025-8194

CVSS3: 7.5
redhat
3 месяца назад

There is a defect in the CPython “tarfile” module affecting the “TarFile” extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of maliciously crafted tar archives. This vulnerability can be mitigated by including the following patch after importing the “tarfile” module:  https://gist.github.com/sethmlarson/1716ac5b82b73dbcbf23ad2eff8b33e1

nvd логотип

CVE-2025-8194

CVSS3: 7.5
nvd
3 месяца назад

There is a defect in the CPython “tarfile” module affecting the “TarFile” extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of maliciously crafted tar archives. This vulnerability can be mitigated by including the following patch after importing the “tarfile” module:  https://gist.github.com/sethmlarson/1716ac5b82b73dbcbf23ad2eff8b33e1

suse-cvrf логотип

SUSE-SU-2025:03032-1

suse-cvrf
около 2 месяцев назад

Security update for python

suse-cvrf логотип

SUSE-SU-2025:02984-1

suse-cvrf
около 2 месяцев назад

Security update for python311