Introduction
Parsing a malicious tar archive can freeze your Python application. CVE-2025-8194 is a high-severity flaw in the Python tarfile module that allows attackers to trigger an infinite loop and deadlock by supplying archives with negative offsets. This can result in denial of service for any application using tarfile to process untrusted tar files. The vulnerability is rated CVSS 7.5 and affects a wide range of Python deployments.
Technical Information
CVE-2025-8194 is caused by the tarfile module's failure to validate negative offsets in tar archive entries. When a tar archive is parsed, the TarInfo._block method processes entry offsets and sizes. If an attacker crafts a tar archive with a negative offset, the module enters an infinite loop or deadlock during parsing, consuming CPU and memory resources indefinitely. This is a classic resource exhaustion vulnerability (CWE-835). The vulnerable code path is triggered when tarfile attempts to enumerate or extract entries, and the lack of offset validation allows the loop to continue endlessly. This can be exploited by submitting a malicious tar archive to any Python application that processes untrusted tar files using tarfile's extraction or enumeration APIs.
Patch Information
In the Python tarfile
module, a critical update has been implemented to enhance security by validating that all member offsets within a tar archive are non-negative. This measure prevents potential vulnerabilities that could arise from processing malformed or malicious tar files.
The core of this update is the introduction of a validation step that checks the offset of each member in the tar archive. If a member's offset is found to be negative, the module raises a ReadError
, effectively halting the processing of the archive. This proactive approach ensures that any tar file with invalid offsets is promptly identified and rejected, thereby mitigating risks associated with such anomalies.
The implementation of this validation is encapsulated in the following code snippet:
if tarinfo.offset < 0: raise ReadError("invalid member offset")
This simple yet effective check is integrated into the tarfile module's processing routine, providing an additional layer of security against potential exploits that could leverage negative offsets.
By incorporating this validation, the Python development team has fortified the tarfile
module against specific classes of vulnerabilities, ensuring safer handling of tar archives across various applications.
Reference: Python cpython PR 137027
Affected Systems and Versions
The vulnerability affects all Python versions that include the tarfile module prior to the patch referenced in PR 137027. Specific affected versions are not listed in the available materials. Any Python application using tarfile to process untrusted tar archives is at risk.
Vendor Security History
Python, maintained by the Python Software Foundation, is one of the most widely used programming languages globally, powering web applications, data science, automation, and more. The tarfile module is a standard library component for handling tar archives. Historically, tarfile has been the subject of multiple security advisories, including path traversal and denial of service vulnerabilities (e.g., CVE-2025-4517, CVE-2025-4138). The vendor has generally responded with timely patches, but the recurrence of issues in tarfile highlights the complexity and risk inherent in archive handling.