CNNVD-202510-4191 Information

CNNVD ID

CNNVD-202510-4191

Related CVE

CVE-2025-64118

• CNNVD Published: 2025-10-30

Description (Chinese)

node-tar是isaacs个人开发者的一款用于文件压缩/解压缩的软件包。 node-tar 7.5.1版本存在安全漏洞，该漏洞源于使用.t读取tar条目内容时返回未初始化内存内容，可能导致信息泄露。

Description (English)

Node-tar is a software package for file compression/decompression by the personal developer of the saacs. Node-tar version 7.5.1 contains a security loophole that originates from the return of uninitialized memory content when using .t to read the contents of the entry on tar, which may lead to the disclosure of information.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

个人开发者

Published

2025-10-30

Last Modified

2026-02-24

References

https://github.com/isaacs/node-tar/commit/5330eb04bc43014f216e5c271b40d5c00d45224d https://github.com/isaacs/node-tar/issues/445 https://github.com/isaacs/node-tar/pull/446 https://github.com/isaacs/node-tar/security/advisories/GHSA-29xp-372q-xqph