CVE-2025-8194: Infinite Loop in Python Software Foundation CPython

CWE-835: Infinite Loop. 12 documents, 9 sources.
Severity: 7.5 HIGH (NVD); 4.3 (OSV)
EPSS: 0.2% (top 54.04%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jul 28; latest update Jan 15

Description

There is a defect in the CPython “tarfile” module affecting the “TarFile” extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of maliciously crafted tar archives. This vulnerability can be mitigated by including the following patch after importing the “tarfile” module: https://gist.github.com/sethmlarson/1716ac5b82b73dbcbf23ad2eff8b33e1

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (1 package)

CVEList V5: python_software_foundation/cpython, versions 3.10.0 to 3.10.19 (+5 more ranges)

Vulnerability Details (5)

OSV: python2.7 vulnerability (2025-08-29)
OSV: python3.13, python3.12, python3.11, python3.10, python3.9, python3.8, python3.7, python3.6, python3.5, python3.4 vulnerabilities (2025-08-21)
GHSA: GHSA-v594-44hm-2j7p: There is a defect in the CPython “tarfile” module affecting the “TarFile” extraction and entry enumeration APIs (2025-07-28)
OSV: CVE-2025-8194: There is a defect in the CPython “tarfile” module affecting the “TarFile” extraction and entry enumeration APIs (2025-07-28)
CVEList: Tarfile infinite loop during parsing with negative member offset (2025-07-28)

Vendor Advisories (6)

Oracle: Oracle Database Server Risk Matrix: RDBMS (Python), CVE-2025-8194 (2026-01-15)
Ubuntu: Python 2.7 vulnerability (2025-08-29)
Ubuntu: Python vulnerabilities (2025-08-21)
Red Hat: cpython: Cpython infinite loop when parsing a tarfile (2025-07-28)
Microsoft: Tarfile infinite loop during parsing with negative member offset (2025-07-08)