VDB
BIT-libpython-2025-8194
BIT-libpython-2025-8194
PUBLISHED
CVSS 7.5 HIGH
Tarfile infinite loop during parsing with negative member offset
Risk Scores
CVSS v3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | libpython | 0, 3.10.0, 3.11.0 |
Timeline
- Aug 11, 2025 CVE Published
- Feb 11, 2026 CVE Updated
References
- https://gist.github.com/sethmlarson/1716ac5b82b73dbcbf23ad2eff8b33e1 url
- https://github.com/python/cpython/commit/7040aa54f14676938970e10c5f74ea93cd56aa38 url
- https://github.com/python/cpython/commit/c9d9f78feb1467e73fd29356c040bde1c104f29f url
- https://github.com/python/cpython/commit/cdae923ffe187d6ef916c0f665a31249619193fe url
- https://github.com/python/cpython/commit/fbc2a0ca9ac8aff6887f8ddf79b87b4510277227 url
- https://github.com/python/cpython/issues/130577 url
- https://github.com/python/cpython/pull/137027 url
- https://mail.python.org/archives/list/security-announce@python.org/thread/ZULLF3IZ726XP5EY7XJ7YIN3K5MDYR2D/ url
- https://nvd.nist.gov/vuln/detail/CVE-2025-8194 url
- https://github.com/python/cpython/commit/57f5981d6260ed21266e0c26951b8564cc252bc2 url
- https://github.com/python/cpython/commit/73f03e4808206f71eb6b92c579505a220942ef19 url
- https://github.com/python/cpython/commit/b4ec17488eedec36d3c05fec127df71c0071f6cb url
- http://www.openwall.com/lists/oss-security/2025/07/28/1 url
- http://www.openwall.com/lists/oss-security/2025/07/28/2 url
- https://github.com/python/cpython/pull/57f5981d6260ed21266e0c26951b8564cc252bc2 url
- https://github.com/python/cpython/pull/73f03e4808206f71eb6b92c579505a220942ef19 url
- https://github.com/python/cpython/pull/b4ec17488eedec36d3c05fec127df71c0071f6cb url
- https://github.com/python/cpython/pull/c9d9f78feb1467e73fd29356c040bde1c104f29f url
- https://github.com/python/cpython/pull/cdae923ffe187d6ef916c0f665a31249619193fe url
- https://github.com/python/cpython/pull/fbc2a0ca9ac8aff6887f8ddf79b87b4510277227 url