Description
There is a defect in the CPython “tarfile” module affecting the “TarFile” extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of maliciously crafted tar archives.

This vulnerability can be mitigated by including the following patch after importing the “tarfile” module:  https://gist.github.com/sethmlarson/1716ac5b82b73dbcbf23ad2eff8b33e1
Published: 2025-07-28
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote or Local Denial of Service via infinite loop
Action: Patch Immediately
AI Analysis

Impact

The vulnerability resides in CPython’s tarfile module, where parsing a tar archive with a negative member offset triggers an infinite loop and deadlock in the extraction and enumeration APIs. The flaw does not disclose data but prevents the process from completing, effectively hanging the application that attempts to read or list the archive. The denial-of-service impact is reflected in a CVSS score of 7.5 and a CWE-835 (infinite loop) classification.

Affected Systems

Python Software Foundation CPython is the affected product. All CPython releases that include the unpatched tarfile implementation are vulnerable, as the security advisory does not specify a limited version set. Systems running Python and using tarfile to extract or inspect uploaded archives are at risk.

Risk and Exploitability

Although the exploit requires crafting a malicious tar archive, it can be achieved by an attacker who can trigger tarfile processing, for example via a file upload interface, command-line operations, or automated extraction tasks. The EPSS score of less than 1% indicates a low current exploitation probability, and the vulnerability is not listed in the CISA KEV catalog, suggesting no known widespread exploitation at the time of analysis. Still, the infinite loop can consume CPU resources until the process is killed, allowing an attacker to force a denial of service on the target system.

Generated by OpenCVE AI on April 22, 2026 at 11:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the patch provided in the official advisory, such as the code snippet linked in the vulnerability description, immediately after any import of the tarfile module
  • Upgrade to a CPython release that contains the committed fix (see the referenced GitHub commits and pull request that address the issue)
  • If an upgrade is not feasible, neutralize the attack surface by rejecting tar archives with negative offsets or validating archive offsets before processing, thereby preventing the infinite loop condition.
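The following is an added example, not code from the advisory or from CPython: it installs the same kind of wrapper around `TarInfo._block` that the linked gist describes (a negative block count raises `tarfile.InvalidHeaderError` instead of being passed on), then checks that the guard fires for a negative count and that a well-formed archive built in memory still enumerates normally. The `_cve_2025_8194_patched` marker attribute, used so the wrapper is installed only once, is this example's own convention; the sample archive contents are constructed here.

```python
"""Apply the CVE-2025-8194 style mitigation to tarfile and verify it.

Added example; the wrapper mirrors the patch linked in the advisory
description (reject negative block counts in TarInfo._block) rather
than reproducing any project code verbatim.
"""
import io
import tarfile


def apply_tarfile_offset_patch():
    """Wrap TarInfo._block once; return True if the wrapper was installed by this call."""
    original = tarfile.TarInfo._block
    # Marker attribute (this example's own name) so importing twice does not wrap twice.
    if getattr(original, "_cve_2025_8194_patched", False):
        return False

    def _block_patched(self, count):
        # A negative member offset is the trigger the advisory describes;
        # refuse it up front instead of letting the reader loop forever.
        if count < 0:
            raise tarfile.InvalidHeaderError("invalid offset")
        return original(self, count)

    _block_patched._cve_2025_8194_patched = True
    tarfile.TarInfo._block = _block_patched
    return True


def block_size_for(count):
    """Call TarInfo._block (patched or not) on a throwaway TarInfo.

    Positive counts are rounded up to a multiple of the 512-byte block size;
    negative counts raise InvalidHeaderError once the patch is in place.
    """
    return tarfile.TarInfo._block(tarfile.TarInfo(), count)


def rejects_negative_offset():
    """True if a negative block count is refused with InvalidHeaderError."""
    try:
        block_size_for(-1)
    except tarfile.InvalidHeaderError:
        return True
    return False


def build_sample_archive():
    """Return the bytes of a small, well-formed tar archive (constructed sample data)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for name, payload in (("a.txt", b"hello"), ("dir/b.txt", b"world" * 200)):
            info = tarfile.TarInfo(name=name)
            info.size = len(payload)
            tf.addfile(info, io.BytesIO(payload))
    return buf.getvalue()


def list_members(data):
    """Enumerate (name, size) for every member; legitimate archives must still parse after patching."""
    with tarfile.open(fileobj=io.BytesIO(data), mode="r") as tf:
        return [(m.name, m.size) for m in tf.getmembers()]


if __name__ == "__main__":
    apply_tarfile_offset_patch()
    print("negative offset rejected:", rejects_negative_offset())
    print("members:", list_members(build_sample_archive()))
```

Call `apply_tarfile_offset_patch()` once at process start, after `import tarfile` and before any archive is opened; on a CPython release that already contains the upstream fix the wrapper is harmless, because the underlying `_block` raises the same `InvalidHeaderError` first.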

Generated by OpenCVE AI on April 22, 2026 at 11:26 UTC.

Advisories
Source       ID                Title
Debian DLA   DLA-4445-1        python3.9 security update
EUVD         EUVD-2025-22999   There is a defect in the CPython “tarfile” module affecting the “TarFile” extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of maliciously crafted tar archives. This vulnerability can be mitigated by including the following patch after importing the “tarfile” module: https://gist.github.com/sethmlarson/1716ac5b82b73dbcbf23ad2eff8b33e1
Ubuntu USN   USN-7710-1        Python vulnerabilities
Ubuntu USN   USN-7710-2        Python 2.7 vulnerability
History

Tue, 04 Nov 2025 22:30:00 +0000


Wed, 24 Sep 2025 18:00:00 +0000


Thu, 07 Aug 2025 20:30:00 +0000


Tue, 29 Jul 2025 13:45:00 +0000

Type: Description
Values Removed:
  There is a defect in the CPython “tarfile” module affecting the “TarFile” extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of maliciously crafted tar archives. This vulnerability can be mitigated by including the following patch after importing the “tarfile” module:

    import tarfile

    def _block_patched(self, count):
        if count < 0: # pragma: no cover
            raise tarfile.InvalidHeaderError("invalid offset")
        return _block_patched._orig_block(self, count)

    _block_patched._orig_block = tarfile.TarInfo._block
    tarfile.TarInfo._block = _block_patched

Values Added:
  There is a defect in the CPython “tarfile” module affecting the “TarFile” extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of maliciously crafted tar archives. This vulnerability can be mitigated by including the following patch after importing the “tarfile” module: https://gist.github.com/sethmlarson/1716ac5b82b73dbcbf23ad2eff8b33e1
Type: References

Tue, 29 Jul 2025 12:30:00 +0000

Type: References
Type: Metrics (threat_severity)
Values Removed: None
Values Added: Moderate


Tue, 29 Jul 2025 08:00:00 +0000

Type: First Time appeared
Values Added: Python; Python cpython
Type: Vendors & Products
Values Added: Python; Python cpython

Mon, 28 Jul 2025 19:45:00 +0000


Mon, 28 Jul 2025 19:15:00 +0000

Type: Metrics (ssvc)
Values Added: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 28 Jul 2025 19:00:00 +0000

Type: Description
Values Added:
  There is a defect in the CPython “tarfile” module affecting the “TarFile” extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of maliciously crafted tar archives. This vulnerability can be mitigated by including the following patch after importing the “tarfile” module:

    import tarfile

    def _block_patched(self, count):
        if count < 0: # pragma: no cover
            raise tarfile.InvalidHeaderError("invalid offset")
        return _block_patched._orig_block(self, count)

    _block_patched._orig_block = tarfile.TarInfo._block
    tarfile.TarInfo._block = _block_patched

Type: Title
Values Added: Tarfile infinite loop during parsing with negative member offset
Type: Weaknesses
Values Added: CWE-835
Type: References
Type: Metrics (cvssV3_1)
Values Added: {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}


MITRE

Status: PUBLISHED

Assigner: PSF

Published:

Updated: 2026-04-21T20:17:39.595Z

Reserved: 2025-07-25T14:05:55.899Z

Link: CVE-2025-8194

Vulnrichment

Updated: 2025-11-04T22:06:48.390Z

NVD

Status : Deferred

Published: 2025-07-28T19:15:43.793

Modified: 2026-04-15T00:35:42.020

Link: CVE-2025-8194

Redhat

Severity : Moderate

Public Date: 2025-07-28T18:42:44Z

Links: CVE-2025-8194 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-22T11:30:15Z

Weaknesses