![]() |
|
Message-ID: <c1d8d50a-9e67-411e-8f1e-cb2de457a637@oracle.com> Date: Mon, 28 Jul 2025 12:55:19 -0700 From: Alan Coopersmith <alan.coopersmith@...cle.com> To: oss-security@...ts.openwall.com Subject: Fwd:[CVE-2025-8194] Cpython Tarfile infinite loop during parsing with negative member offset -------- Forwarded Message -------- Subject: [Security-announce][CVE-2025-8194] Tarfile infinite loop during parsing with negative member offset Date: Mon, 28 Jul 2025 18:44:01 +0000 From: Seth Larson <seth@...hon.org> Reply-To: security-sig@...hon.org To: security-announce@...hon.org There is a HIGH severity vulnerability affecting {project}. There is a defect in the CPython “tarfile” module affecting the “TarFile” extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of maliciously crafted tar archives. This vulnerability can be mitigated by including the following patch after importing the “tarfile” module: import tarfile def _block_patched(self, count): if count < 0: # pragma: no cover raise tarfile.InvalidHeaderError("invalid offset") return _block_patched._orig_block(self, count) _block_patched._orig_block = tarfile.TarInfo._block tarfile.TarInfo._block = _block_patched Please see the linked CVE ID for the latest information on affected versions: * https://www.cve.org/CVERecord?id=CVE-2025-8194 * https://github.com/python/cpython/pull/137027 _______________________________________________ Security-announce mailing list -- security-announce@...hon.org https://mail.python.org/mailman3//lists/security-announce.python.org
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.