Количество 35
Количество 35
BDU:2025-09687
Уязвимость модуля tarfile интерпретатора языка программирования Python (CPython), позволяющая нарушителю вызвать отказ в обслуживании
CVE-2025-8194
There is a defect in the CPython “tarfile” module affecting the “TarFile” extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of maliciously crafted tar archives. This vulnerability can be mitigated by including the following patch after importing the “tarfile” module: https://gist.github.com/sethmlarson/1716ac5b82b73dbcbf23ad2eff8b33e1
CVE-2025-8194
There is a defect in the CPython “tarfile” module affecting the “TarFile” extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of maliciously crafted tar archives. This vulnerability can be mitigated by including the following patch after importing the “tarfile” module: https://gist.github.com/sethmlarson/1716ac5b82b73dbcbf23ad2eff8b33e1
CVE-2025-8194
There is a defect in the CPython “tarfile” module affecting the “TarFile” extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of maliciously crafted tar archives. This vulnerability can be mitigated by including the following patch after importing the “tarfile” module: https://gist.github.com/sethmlarson/1716ac5b82b73dbcbf23ad2eff8b33e1
CVE-2025-8194
Tarfile infinite loop during parsing with negative member offset
CVE-2025-8194
There is a defect in the CPython \u201ctarfile\u201d module affecting ...
SUSE-SU-2025:03032-1
Security update for python
SUSE-SU-2025:02984-1
Security update for python311
SUSE-SU-2025:02983-1
Security update for python36
SUSE-SU-2025:02982-1
Security update for python312
SUSE-SU-2025:02948-1
Security update for python310
SUSE-SU-2025:02701-1
Security update for python
SUSE-SU-2025:02700-1
Security update for python39
RLSA-2025:15019
Moderate: python3.9 security update
RLSA-2025:15010
Moderate: python3.11 security update
RLSA-2025:15007
Moderate: python3.12 security update
RLSA-2025:14984
Moderate: python3.12 security update
RLSA-2025:14841
Moderate: python3.11 security update
RLSA-2025:14546
Moderate: python3.12 security update
GHSA-v594-44hm-2j7p
There is a defect in the CPython “tarfile” module affecting the “TarFile” extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of maliciously crafted tar archives. This vulnerability can be mitigated by including the following patch after importing the “tarfile” module: import tarfile def _block_patched(self, count): if count < 0: # pragma: no cover raise tarfile.InvalidHeaderError("invalid offset") return _block_patched._orig_block(self, count) _block_patched._orig_block = tarfile.TarInfo._block tarfile.TarInfo._block = _block_patched
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | BDU:2025-09687 Уязвимость модуля tarfile интерпретатора языка программирования Python (CPython), позволяющая нарушителю вызвать отказ в обслуживании | CVSS3: 7.5 | 0% Низкий | 6 месяцев назад |
 | CVE-2025-8194 There is a defect in the CPython “tarfile” module affecting the “TarFile” extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of maliciously crafted tar archives. This vulnerability can be mitigated by including the following patch after importing the “tarfile” module: https://gist.github.com/sethmlarson/1716ac5b82b73dbcbf23ad2eff8b33e1 | CVSS3: 7.5 | 0% Низкий | 6 месяцев назад |
 | CVE-2025-8194 There is a defect in the CPython “tarfile” module affecting the “TarFile” extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of maliciously crafted tar archives. This vulnerability can be mitigated by including the following patch after importing the “tarfile” module: https://gist.github.com/sethmlarson/1716ac5b82b73dbcbf23ad2eff8b33e1 | CVSS3: 7.5 | 0% Низкий | 6 месяцев назад |
 | CVE-2025-8194 There is a defect in the CPython “tarfile” module affecting the “TarFile” extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of maliciously crafted tar archives. This vulnerability can be mitigated by including the following patch after importing the “tarfile” module: https://gist.github.com/sethmlarson/1716ac5b82b73dbcbf23ad2eff8b33e1 | CVSS3: 7.5 | 0% Низкий | 6 месяцев назад |
 | CVE-2025-8194 Tarfile infinite loop during parsing with negative member offset | CVSS3: 7.5 | 0% Низкий | 4 месяца назад |
| CVE-2025-8194 There is a defect in the CPython \u201ctarfile\u201d module affecting ... | CVSS3: 7.5 | 0% Низкий | 6 месяцев назад |
 | SUSE-SU-2025:03032-1 Security update for python | 0% Низкий | 5 месяцев назад | |
| SUSE-SU-2025:02984-1 Security update for python311 | 0% Низкий | 5 месяцев назад | |
| SUSE-SU-2025:02983-1 Security update for python36 | 0% Низкий | 5 месяцев назад | |
| SUSE-SU-2025:02982-1 Security update for python312 | 0% Низкий | 5 месяцев назад | |
| SUSE-SU-2025:02948-1 Security update for python310 | 0% Низкий | 5 месяцев назад | |
| SUSE-SU-2025:02701-1 Security update for python | 0% Низкий | 5 месяцев назад | |
| SUSE-SU-2025:02700-1 Security update for python39 | 0% Низкий | 5 месяцев назад | |
 | RLSA-2025:15019 Moderate: python3.9 security update | 0% Низкий | 3 месяца назад | |
| RLSA-2025:15010 Moderate: python3.11 security update | 0% Низкий | 3 месяца назад | |
| RLSA-2025:15007 Moderate: python3.12 security update | 0% Низкий | 3 месяца назад | |
| RLSA-2025:14984 Moderate: python3.12 security update | 0% Низкий | 3 месяца назад | |
| RLSA-2025:14841 Moderate: python3.11 security update | 0% Низкий | 4 месяца назад | |
| RLSA-2025:14546 Moderate: python3.12 security update | 0% Низкий | 4 месяца назад | |
| GHSA-v594-44hm-2j7p There is a defect in the CPython “tarfile” module affecting the “TarFile” extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of maliciously crafted tar archives. This vulnerability can be mitigated by including the following patch after importing the “tarfile” module: import tarfile def _block_patched(self, count): if count < 0: # pragma: no cover raise tarfile.InvalidHeaderError("invalid offset") return _block_patched._orig_block(self, count) _block_patched._orig_block = tarfile.TarInfo._block tarfile.TarInfo._block = _block_patched | CVSS3: 7.5 | 0% Низкий | 6 месяцев назад |
Уязвимостей на страницу