Количество 32
Количество 32
BDU:2025-09687
Уязвимость модуля tarfile интерпретатора языка программирования Python (CPython), позволяющая нарушителю вызвать отказ в обслуживании
CVE-2025-8194
There is a defect in the CPython “tarfile” module affecting the “TarFile” extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of maliciously crafted tar archives. This vulnerability can be mitigated by including the following patch after importing the “tarfile” module: https://gist.github.com/sethmlarson/1716ac5b82b73dbcbf23ad2eff8b33e1
CVE-2025-8194
There is a defect in the CPython “tarfile” module affecting the “TarFile” extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of maliciously crafted tar archives. This vulnerability can be mitigated by including the following patch after importing the “tarfile” module: https://gist.github.com/sethmlarson/1716ac5b82b73dbcbf23ad2eff8b33e1
CVE-2025-8194
There is a defect in the CPython “tarfile” module affecting the “TarFile” extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of maliciously crafted tar archives. This vulnerability can be mitigated by including the following patch after importing the “tarfile” module: https://gist.github.com/sethmlarson/1716ac5b82b73dbcbf23ad2eff8b33e1
CVE-2025-8194
Tarfile infinite loop during parsing with negative member offset
CVE-2025-8194
There is a defect in the CPython \u201ctarfile\u201d module affecting ...
SUSE-SU-2025:03032-1
Security update for python
SUSE-SU-2025:02984-1
Security update for python311
SUSE-SU-2025:02983-1
Security update for python36
SUSE-SU-2025:02982-1
Security update for python312
SUSE-SU-2025:02948-1
Security update for python310
SUSE-SU-2025:02701-1
Security update for python
SUSE-SU-2025:02700-1
Security update for python39
RLSA-2025:14984
Moderate: python3.12 security update
RLSA-2025:14841
Moderate: python3.11 security update
RLSA-2025:14546
Moderate: python3.12 security update
GHSA-v594-44hm-2j7p
There is a defect in the CPython “tarfile” module affecting the “TarFile” extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of maliciously crafted tar archives. This vulnerability can be mitigated by including the following patch after importing the “tarfile” module: import tarfile def _block_patched(self, count): if count < 0: # pragma: no cover raise tarfile.InvalidHeaderError("invalid offset") return _block_patched._orig_block(self, count) _block_patched._orig_block = tarfile.TarInfo._block tarfile.TarInfo._block = _block_patched
ELSA-2025-16117
ELSA-2025-16117: python3 security update (MODERATE)
ELSA-2025-15019
ELSA-2025-15019: python3.9 security update (MODERATE)
ELSA-2025-15010
ELSA-2025-15010: python3.11 security update (MODERATE)
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | BDU:2025-09687 Уязвимость модуля tarfile интерпретатора языка программирования Python (CPython), позволяющая нарушителю вызвать отказ в обслуживании | CVSS3: 7.5 | 0% Низкий | 4 месяца назад |
 | CVE-2025-8194 There is a defect in the CPython “tarfile” module affecting the “TarFile” extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of maliciously crafted tar archives. This vulnerability can be mitigated by including the following patch after importing the “tarfile” module: https://gist.github.com/sethmlarson/1716ac5b82b73dbcbf23ad2eff8b33e1 | CVSS3: 7.5 | 0% Низкий | 4 месяца назад |
 | CVE-2025-8194 There is a defect in the CPython “tarfile” module affecting the “TarFile” extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of maliciously crafted tar archives. This vulnerability can be mitigated by including the following patch after importing the “tarfile” module: https://gist.github.com/sethmlarson/1716ac5b82b73dbcbf23ad2eff8b33e1 | CVSS3: 7.5 | 0% Низкий | 4 месяца назад |
 | CVE-2025-8194 There is a defect in the CPython “tarfile” module affecting the “TarFile” extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of maliciously crafted tar archives. This vulnerability can be mitigated by including the following patch after importing the “tarfile” module: https://gist.github.com/sethmlarson/1716ac5b82b73dbcbf23ad2eff8b33e1 | CVSS3: 7.5 | 0% Низкий | 4 месяца назад |
 | CVE-2025-8194 Tarfile infinite loop during parsing with negative member offset | CVSS3: 7.5 | 0% Низкий | 3 месяца назад |
| CVE-2025-8194 There is a defect in the CPython \u201ctarfile\u201d module affecting ... | CVSS3: 7.5 | 0% Низкий | 4 месяца назад |
 | SUSE-SU-2025:03032-1 Security update for python | 0% Низкий | 3 месяца назад | |
| SUSE-SU-2025:02984-1 Security update for python311 | 0% Низкий | 3 месяца назад | |
| SUSE-SU-2025:02983-1 Security update for python36 | 0% Низкий | 3 месяца назад | |
| SUSE-SU-2025:02982-1 Security update for python312 | 0% Низкий | 3 месяца назад | |
| SUSE-SU-2025:02948-1 Security update for python310 | 0% Низкий | 3 месяца назад | |
| SUSE-SU-2025:02701-1 Security update for python | 0% Низкий | 4 месяца назад | |
| SUSE-SU-2025:02700-1 Security update for python39 | 0% Низкий | 4 месяца назад | |
 | RLSA-2025:14984 Moderate: python3.12 security update | 0% Низкий | около 2 месяцев назад | |
| RLSA-2025:14841 Moderate: python3.11 security update | 0% Низкий | 3 месяца назад | |
| RLSA-2025:14546 Moderate: python3.12 security update | 0% Низкий | 3 месяца назад | |
| GHSA-v594-44hm-2j7p There is a defect in the CPython “tarfile” module affecting the “TarFile” extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of maliciously crafted tar archives. This vulnerability can be mitigated by including the following patch after importing the “tarfile” module: import tarfile def _block_patched(self, count): if count < 0: # pragma: no cover raise tarfile.InvalidHeaderError("invalid offset") return _block_patched._orig_block(self, count) _block_patched._orig_block = tarfile.TarInfo._block tarfile.TarInfo._block = _block_patched | CVSS3: 7.5 | 0% Низкий | 4 месяца назад |
| ELSA-2025-16117 ELSA-2025-16117: python3 security update (MODERATE) | 2 месяца назад | ||
| ELSA-2025-15019 ELSA-2025-15019: python3.9 security update (MODERATE) | 3 месяца назад | ||
| ELSA-2025-15010 ELSA-2025-15010: python3.11 security update (MODERATE) | 3 месяца назад |
Уязвимостей на страницу