CVE-2025-64118
Description
node-tar is a Tar for Node.js. In 7.5.1, using .t (aka .list) with { sync: true } to read tar entry contents returns uninitialized memory contents if tar file was changed on disk to a smaller size while being read. This vulnerability is fixed in 7.5.2.
Weakness Type (CWE)
References
Frequently Asked Questions
What is CVE-2025-64118? +
How do I check if I'm vulnerable to CVE-2025-64118? +
Related Vulnerabilities
Sparx Pro Cloud Server is vulnerable to a Race Condition in the /data_api/dl_internal_artifact.php endpoint. The application downloads the properties of …
OwnTone Server versions 28.4 through 29.0 contain a race condition vulnerability in the DAAP login handler that allows unauthenticated attackers …
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in HYPR Passwordless on Windows allows Privilege Escalation.This issue …
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Angular uses a …
go-tuf is a Go implementation of The Update Framework (TUF). The go-tuf client inconsistently traces the delegations. For example, if …
An attacker with a Looker Developer role could manipulate a LookML project to exploit a race condition during Git directory …