CNNVD-202507-3503 Information

Jul 28, 2025 cve

CNNVD ID

CNNVD-202507-3503

CVE-2025-8194

CNNVD Published: 2025-07-28

Description (Chinese)

CPython是Python基金会的一个用C语言实现的Python解释器。 CPython存在安全漏洞，该漏洞源于恶意tar文件可能导致无限循环和死锁。

Description (English)

CPython is a Python interpreter for the Python Foundation in the C language. There is a security loophole in CPython, which stems from the malicious tar document that could lead to unlimited circulation and death locks.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Python

Published

2025-07-28

Last Modified

2026-02-24

References

https://github.com/python/cpython/pull/137027 https://github.com/python/cpython/commit/cdae923ffe187d6ef916c0f665a31249619193fe https://mail.python.org/archives/list/security-announce@python.org/thread/ZULLF3IZ726XP5EY7XJ7YIN3K5MDYR2D/ https://github.com/python/cpython/issues/130577 https://github.com/python/cpython/commit/7040aa54f14676938970e10c5f74ea93cd56aa38 https://gist.github.com/sethmlarson/1716ac5b82b73dbcbf23ad2eff8b33e1 https://access.redhat.com/security/cve/cve-2025-8194 https://www.oracle.com/security-alerts/cpujan2026.html https://vigilance.fr/vulnerability/Python-Core-overload-via-tarfile-47806

Share on: