CVE-2025-64118

Sažetak

node-tar is a Tar for Node.js. In 7.5.1, using .t (aka .list) with { sync: true } to read tar entry contents returns uninitialized memory contents if tar file was changed on disk to a smaller size while being read. This vulnerability is fixed in 7.5.2.

Reference

https://github.com/isaacs/node-tar/commit/5330eb04bc43014f216e5c271b40d5c00d45224d
https://github.com/isaacs/node-tar/issues/445
https://github.com/isaacs/node-tar/pull/446
https://github.com/isaacs/node-tar/security/advisories/GHSA-29xp-372q-xqph

CVSS

Base:	0.0
Impact:	None
Exploitability:	None

Pristup

Vektor	Složenost	Autentikacija
None	None	None

Impact

Povjerljivost	Cjelovitost	Dostupnost
None	None	None

CVSS vektor

None

Zadnje važnije ažuriranje

30-10-2025 - 18:15

Objavljeno

30-10-2025 - 18:15