High severity7.5NVD Advisory· Published Jul 28, 2025· Updated Apr 15, 2026
CVE-2025-8194
CVE-2025-8194
Description
There is a defect in the CPython “tarfile” module affecting the “TarFile” extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of maliciously crafted tar archives.
This vulnerability can be mitigated by including the following patch after importing the “tarfile” module: https://gist.github.com/sethmlarson/1716ac5b82b73dbcbf23ad2eff8b33e1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
13- www.openwall.com/lists/oss-security/2025/07/28/1nvd
- www.openwall.com/lists/oss-security/2025/07/28/2nvd
- gist.github.com/sethmlarson/1716ac5b82b73dbcbf23ad2eff8b33e1nvd
- github.com/python/cpython/commit/57f5981d6260ed21266e0c26951b8564cc252bc2nvd
- github.com/python/cpython/commit/7040aa54f14676938970e10c5f74ea93cd56aa38nvd
- github.com/python/cpython/commit/73f03e4808206f71eb6b92c579505a220942ef19nvd
- github.com/python/cpython/commit/b4ec17488eedec36d3c05fec127df71c0071f6cbnvd
- github.com/python/cpython/commit/c9d9f78feb1467e73fd29356c040bde1c104f29fnvd
- github.com/python/cpython/commit/cdae923ffe187d6ef916c0f665a31249619193fenvd
- github.com/python/cpython/commit/fbc2a0ca9ac8aff6887f8ddf79b87b4510277227nvd
- github.com/python/cpython/issues/130577nvd
- github.com/python/cpython/pull/137027nvd
- mail.python.org/archives/list/security-announce@python.org/thread/ZULLF3IZ726XP5EY7XJ7YIN3K5MDYR2D/nvd
News mentions
0No linked articles in our index yet.