CVE-2025-8194

Tarfile infinite loop during parsing with negative member offset

Severity Score

7.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Attend

*SSVC

Descriptions

There is a defect in the CPython “tarfile” module affecting the “TarFile” extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of maliciously crafted tar archives. This vulnerability can be mitigated by including the following patch after importing the “tarfile” module: https://gist.github.com/sethmlarson/1716ac5b82b73dbcbf23ad2eff8b33e1

Existe un defecto en el módulo "tarfile" de CPython que afecta a las API de extracción y enumeración de entradas de "TarFile". La implementación de tar procesaba archivos tar con desplazamientos negativos sin errores, lo que resultaba en un bucle infinito y un bloqueo durante el análisis de archivos tar manipulados con fines maliciosos. Esta vulnerabilidad se puede mitigar incluyendo el siguiente parche después de importar el módulo "tarfile": import tarfile def _block_patched(self, count): if count < 0: # pragma: no cover raise tarfile.InvalidHeaderError("invalid offset") return _block_patched._orig_block(self, count) _block_patched._orig_block = tarfile.TarInfo._block tarfile.TarInfo._block = _block_patched

This update for python39 fixes the following issues. Fixed denial of service caused by tar archives with negative offsets.

*Credits: Alexander Urieles, Seth Larson, Ethan Furman, Steve Dower

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Attend

Exploitation

None

Automatable

Yes

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2025-07-25 CVE Reserved
2025-07-28 CVE Published
2025-08-08 EPSS Updated
2025-08-14 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')

CAPEC

References (8)

URL	Tag	Source
https://gist.github.com/sethmlarson/1716ac5b82b73dbcbf23ad2eff8b33e1	Mitigation
https://github.com/python/cpython/issues/130577	Issue Tracking

URL	Date	SRC

URL	Date	SRC
https://github.com/python/cpython/commit/7040aa54f14676938970e10c5f74ea93cd56aa38	2025-08-07
https://github.com/python/cpython/commit/c9d9f78feb1467e73fd29356c040bde1c104f29f	2025-08-07
https://github.com/python/cpython/commit/cdae923ffe187d6ef916c0f665a31249619193fe	2025-08-07
https://github.com/python/cpython/commit/fbc2a0ca9ac8aff6887f8ddf79b87b4510277227	2025-08-07
https://github.com/python/cpython/pull/137027	2025-08-07

URL	Date	SRC
https://mail.python.org/archives/list/security-announce@python.org/thread/ZULLF3IZ726XP5EY7XJ7YIN3K5MDYR2D	2025-08-07

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Python Software Foundation Search vendor "Python Software Foundation"		CPython Search vendor "Python Software Foundation" for product "CPython"				< 3.13.6 Search vendor "Python Software Foundation" for product "CPython" and version " < 3.13.6"		en		Affected