Fwd:[CVE-2025-8194] Cpython Tarfile infinite loop during parsing with negative member offset

[Alan Coopersmith <alan.coopersmith () oracle com>]

-------- Forwarded Message --------
Subject:        [Security-announce][CVE-2025-8194] Tarfile infinite loop during parsing with negative member offset
Date:   Mon, 28 Jul 2025 18:44:01 +0000
From:   Seth Larson <seth () python org>
Reply-To:       security-sig () python org
To:     security-announce () python org



There is a HIGH severity vulnerability affecting {project}.

There is a defect in the CPython “tarfile” module affecting the “TarFile” extraction and entry enumeration APIs. The 
tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and 
deadlock during the parsing of maliciously crafted tar archives.

This vulnerability can be mitigated by including the following patch after importing the “tarfile” module:

import tarfile

def _block_patched(self, count):
     if count < 0: # pragma: no cover
         raise tarfile.InvalidHeaderError("invalid offset")
     return _block_patched._orig_block(self, count)

_block_patched._orig_block = tarfile.TarInfo._block
tarfile.TarInfo._block = _block_patched

Please see the linked CVE ID for the latest information on affected versions:

* https://www.cve.org/CVERecord?id=CVE-2025-8194
* https://github.com/python/cpython/pull/137027

_______________________________________________
Security-announce mailing list -- security-announce () python org
https://mail.python.org/mailman3//lists/security-announce.python.org