CVE-2025-8194
There is a defect in the CPython “tarfile” module affecting the “TarFile” extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of maliciously crafted tar archives. This vulnerability can be mitigated by including the following patch after importing the “tarfile” module: https://gist.github.com/sethmlarson/1716ac5b82b73dbcbf23ad2eff8b33e1
System detected CVE-2025-8194 with a risk of 1.3
System detected CVE-2025-8194 with a risk of 1.3
System created a ticket for CVE-2025-8194
Everything after this entry will be synced with the external system. The ticket can be found at https://github.com/l3montree-dev/devguard-action/issues/171
System created a ticket for CVE-2025-8194
Everything after this entry will be synced with the external system. The ticket can be found at https://github.com/l3montree-dev/devguard-action/issues/172
- S
Sebastian Kawelke updated the risk assessment from 1.3 to 2.12
Confidentiality Requirement updated: high -> low, Availability Requirement updated: low -> high
- S
Sebastian Kawelke updated the risk assessment from 1.3 to 2.12
Confidentiality Requirement updated: high -> low, Availability Requirement updated: low -> high
System fixed CVE-2025-8194
System fixed CVE-2025-8194
System detected CVE-2025-8194 with a risk of 2.12
Add a comment
Affected component
debian/python3.11