CVE-2025-8194

ADVISORY - nist

Summary

There is a defect in the CPython “tarfile” module affecting the “TarFile” extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of maliciously crafted tar archives.

This vulnerability can be mitigated by including the following patch after importing the “tarfile” module: https://gist.github.com/sethmlarson/1716ac5b82b73dbcbf23ad2eff8b33e1

EPSS Score⁠: 0.00102 (0.287)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-835⁠

Loop with Unreachable Exit Condition ('Infinite Loop')

ADVISORY - redhat

CWE-835⁠

Loop with Unreachable Exit Condition ('Infinite Loop')

Impacted images

Advisories

Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.