CVE-2025-8194: CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop') in Python Software Foundation CPython
There is a defect in the CPython “tarfile” module affecting the “TarFile” extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of maliciously crafted tar archives. This vulnerability can be mitigated by including the following patch after importing the “tarfile” module: https://gist.github.com/sethmlarson/1716ac5b82b73dbcbf23ad2eff8b33e1
AI Analysis
Technical Summary
This vulnerability in CPython's tarfile module arises from improper handling of tar archives containing negative offsets. The TarFile extraction and entry enumeration APIs do not detect or reject these invalid offsets, leading to an infinite loop and deadlock during parsing. This defect corresponds to CWE-835 (Loop with Unreachable Exit Condition). The issue affects CPython versions 0, 3.11.0, 3.12.0, 3.13.0, and 3.14.0a1. Although no official patch link is provided, a mitigation patch is publicly available as a code snippet to be applied post-import of the tarfile module.
Potential Impact
The vulnerability can cause denial of service by triggering an infinite loop and deadlock when processing malicious tar archives. This results in application unavailability or resource exhaustion. There is no impact on confidentiality or integrity reported. No known exploits are currently in the wild.
Mitigation Recommendations
A mitigation patch is available as a code snippet that should be applied immediately after importing the tarfile module. Since no official vendor patch link is provided, users should apply this workaround until an official fix is released. Monitor the Python Software Foundation advisories for an official patch. Patch status is not yet confirmed from vendor advisory; check for updates.
CVE-2025-8194: CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop') in Python Software Foundation CPython
Description
There is a defect in the CPython “tarfile” module affecting the “TarFile” extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of maliciously crafted tar archives. This vulnerability can be mitigated by including the following patch after importing the “tarfile” module: https://gist.github.com/sethmlarson/1716ac5b82b73dbcbf23ad2eff8b33e1
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability in CPython's tarfile module arises from improper handling of tar archives containing negative offsets. The TarFile extraction and entry enumeration APIs do not detect or reject these invalid offsets, leading to an infinite loop and deadlock during parsing. This defect corresponds to CWE-835 (Loop with Unreachable Exit Condition). The issue affects CPython versions 0, 3.11.0, 3.12.0, 3.13.0, and 3.14.0a1. Although no official patch link is provided, a mitigation patch is publicly available as a code snippet to be applied post-import of the tarfile module.
Potential Impact
The vulnerability can cause denial of service by triggering an infinite loop and deadlock when processing malicious tar archives. This results in application unavailability or resource exhaustion. There is no impact on confidentiality or integrity reported. No known exploits are currently in the wild.
Mitigation Recommendations
A mitigation patch is available as a code snippet that should be applied immediately after importing the tarfile module. Since no official vendor patch link is provided, users should apply this workaround until an official fix is released. Monitor the Python Software Foundation advisories for an official patch. Patch status is not yet confirmed from vendor advisory; check for updates.
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- PSF
- Date Reserved
- 2025-07-25T14:05:55.899Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 6887c950ad5a09ad00867b28
Added to database: 7/28/2025, 7:02:40 PM
Last enriched: 4/22/2026, 5:42:54 AM
Last updated: 5/10/2026, 9:31:07 AM
Views: 193
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.