Back to search
CVE-2025-64118
Published: Oct 30, 2025
Modified: Oct 30, 2025
PUBLISHED
Description
node-tar is a Tar for Node.js. In 7.5.1, using .t (aka .list) with { sync: true } to read tar entry contents returns uninitialized memory contents if tar file was changed on disk to a smaller size while being read. This vulnerability is fixed in 7.5.2.
| Vendor | Product | Versions |
|---|---|---|
isaacs | node-tar | affected = 7.5.1 |
References
https://github.com/isaacs/node-tar/security/advisories/GHSA-29xp-372q-xqph
x_refsource_CONFIRM
https://github.com/isaacs/node-tar/issues/445
x_refsource_MISC
https://github.com/isaacs/node-tar/pull/446
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now