Open
CVE Details
| CVE ID | Severity | Affected Package | Installed Version | Fixed Version | Date Published | Date of Scan |
|---|---|---|---|---|---|---|
| CVE-2025-64118 | MEDIUM | tar | 7.5.1 | 7.5.2 | 2025-10-30T18:15:33.673Z | 2025-11-06T10:18:23.342217061Z |
Affected Docker Images
| Image Name | SHA |
|---|---|
| public.ecr.aws/lambda/nodejs:24-preview | public.ecr.aws/lambda/nodejs@sha256:6523a3ae1f7601140e3f2c065d08894c91b9325ad42e9ae58bda1eb4fefe808b |
Description
node-tar is a Tar for Node.js. In 7.5.1, using .t (aka .list) with { sync: true } to read tar entry contents returns uninitialized memory contents if the tar file was changed on disk to a smaller size while being read. This vulnerability is fixed in 7.5.2.
Remediation Steps
- Update the affected package tar from version 7.5.1 to 7.5.2.
About this issue
- This issue may not contain all the information about the CVE nor the images it affects.
- This issue will not be updated with new information and the list of affected images may have changed since the creation of this issue.
- For more, visit Lambda Watchdog.
- This issue was created automatically by Lambda Watchdog.