csaf_certbund - wid-sec-w-2025-1664

wid-sec-w-2025-1664

Vulnerability from csaf_certbund

Published

2025-07-28 22:00

Modified

2025-08-14 22:00

Summary

Python: Schwachstelle ermöglicht Denial of Service

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Python ist eine universelle, üblicherweise interpretierte, höhere Programmiersprache.

Angriff

Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Python ausnutzen, um einen Denial of Service Angriff durchzuführen.

Betroffene Betriebssysteme

- Linux - Sonstiges - UNIX - Windows

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Python ist eine universelle, \u00fcblicherweise interpretierte, h\u00f6here Programmiersprache.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Python ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-1664 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-1664.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-1664 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1664"
      },
      {
        "category": "external",
        "summary": "GitHub Advisory Database vom 2025-07-28",
        "url": "https://github.com/advisories/GHSA-v594-44hm-2j7p"
      },
      {
        "category": "external",
        "summary": "Python Mailing List vom 2025-07-28",
        "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/ZULLF3IZ726XP5EY7XJ7YIN3K5MDYR2D/"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2025-11BBA426AF vom 2025-07-29",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2025-11bba426af"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-EPEL-2025-4545FE5AB5 vom 2025-07-29",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-4545fe5ab5"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2025-2EA6A30958 vom 2025-07-29",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2025-2ea6a30958"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-EPEL-2025-C0A44D2C63 vom 2025-07-29",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-c0a44d2c63"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2025-64ABF2FF21 vom 2025-08-03",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2025-64abf2ff21"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2025-2E992DDFA0 vom 2025-08-03",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2025-2e992ddfa0"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2025:15402-1 vom 2025-08-04",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ONB7SKUUZCQSUV6SPZZV2PJ75G26HCY7/"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2025:15404-1 vom 2025-08-04",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5I2YVZITRCKVITMSLXAUYDL2UANH3KZF/"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2025:15403-1 vom 2025-08-04",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/EUQFAOWP74TTJ6VHHWA4ZVZP2JSQXGS4/"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2025:15409-1 vom 2025-08-05",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4X7EZQK5T7G5FBS33LJ64XQSNRZ4OJ4T/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:02701-1 vom 2025-08-05",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/36SS3VDCSJPSKIXZ57CBGDJG6VNKSPLY/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:02700-1 vom 2025-08-05",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/KDCH6OG2HPBYCI5GOE3SEXDWD7ENVHA5/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:02717-1 vom 2025-08-06",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/L2NLBYO6X4C452ZDTZWTPSMMIOSSOPDD/"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2025-1A9AD70C05 vom 2025-08-11",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2025-1a9ad70c05"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2025-B8DC0E26EC vom 2025-08-11",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2025-b8dc0e26ec"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:02767-1 vom 2025-08-12",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022140.html"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2025-1903CFAE97 vom 2025-08-12",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2025-1903cfae97"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2025-8F560FCC9B vom 2025-08-12",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2025-8f560fcc9b"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:02778-1 vom 2025-08-13",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022149.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:02787-1 vom 2025-08-13",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022153.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:02802-1 vom 2025-08-14",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022161.html"
      }
    ],
    "source_lang": "en-US",
    "title": "Python: Schwachstelle erm\u00f6glicht Denial of Service",
    "tracking": {
      "current_release_date": "2025-08-14T22:00:00.000+00:00",
      "generator": {
        "date": "2025-08-15T07:22:14.608+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.4.0"
        }
      },
      "id": "WID-SEC-W-2025-1664",
      "initial_release_date": "2025-07-28T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-07-28T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2025-07-29T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Fedora und European Union Vulnerability Database aufgenommen"
        },
        {
          "date": "2025-08-03T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Fedora aufgenommen"
        },
        {
          "date": "2025-08-04T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von openSUSE aufgenommen"
        },
        {
          "date": "2025-08-05T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von openSUSE und SUSE aufgenommen"
        },
        {
          "date": "2025-08-06T22:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2025-08-11T22:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von Fedora aufgenommen"
        },
        {
          "date": "2025-08-12T22:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von SUSE und Fedora aufgenommen"
        },
        {
          "date": "2025-08-13T22:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2025-08-14T22:00:00.000+00:00",
          "number": "10",
          "summary": "Neue Updates von SUSE aufgenommen"
        }
      ],
      "status": "final",
      "version": "10"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Fedora Linux",
            "product": {
              "name": "Fedora Linux",
              "product_id": "74185",
              "product_identification_helper": {
                "cpe": "cpe:/o:fedoraproject:fedora:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Fedora"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Open Source Python",
            "product": {
              "name": "Open Source Python",
              "product_id": "T045708",
              "product_identification_helper": {
                "cpe": "cpe:/a:python:python:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "SUSE openSUSE",
            "product": {
              "name": "SUSE openSUSE",
              "product_id": "T027843",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:opensuse:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-8194",
      "product_status": {
        "known_affected": [
          "T002207",
          "T027843",
          "T045708",
          "74185"
        ]
      },
      "release_date": "2025-07-28T22:00:00.000+00:00",
      "title": "CVE-2025-8194"
    }
  ]
}

CVE-2025-8194 (GCVE-0-2025-8194)

Vulnerability from cvelistv5

Published

2025-07-28 18:42

Modified

2025-08-14 18:16

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Summary

There is a defect in the CPython “tarfile” module affecting the “TarFile” extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of maliciously crafted tar archives. This vulnerability can be mitigated by including the following patch after importing the “tarfile” module: https://gist.github.com/sethmlarson/1716ac5b82b73dbcbf23ad2eff8b33e1

References

►

URL

Tags

	https://github.com/python/cpython/issues/130577	issue-tracking
	https://github.com/python/cpython/pull/137027	patch
	https://mail.python.org/archives/list/security-announce@python.org/thread/ZULLF3IZ726XP5EY7XJ7YIN3K5MDYR2D/	vendor-advisory
	https://github.com/python/cpython/commit/7040aa54f14676938970e10c5f74ea93cd56aa38	patch
	https://github.com/python/cpython/commit/cdae923ffe187d6ef916c0f665a31249619193fe	patch
	https://gist.github.com/sethmlarson/1716ac5b82b73dbcbf23ad2eff8b33e1	mitigation
	https://github.com/python/cpython/commit/c9d9f78feb1467e73fd29356c040bde1c104f29f	patch
	https://github.com/python/cpython/commit/fbc2a0ca9ac8aff6887f8ddf79b87b4510277227	patch

Impacted products

	Vendor	Product	Version
	Python Software Foundation	CPython	Version: 0 Version: 3.14.0a1

Show details on NVD website