CVE-2026-11972

Python · CPython

The CPython tarfile module fails to handle EOF in streaming mode, allowing attackers to trigger an infinite loop via a malicious archive.

Executive summary

A critical denial-of-service vulnerability in the Python CPython tarfile module allows an attacker to cause resource exhaustion by crafting a malicious archive.

Vulnerability

This vulnerability involves improper input validation within the "tarfile" module when processing files in streaming mode (mode="r|"). An unauthenticated attacker can exploit this by providing a specially crafted archive that causes the parser to enter an infinite loop, leading to CPU exhaustion.

Business impact

Successful exploitation results in a Denial of Service (DoS) condition, potentially rendering applications reliant on the affected CPython library unresponsive. Given the CVSS score of 8.2, this represents a significant risk to operational continuity, especially for automated systems that process untrusted file uploads or external data streams.

Remediation

Immediate Action: Update to the latest version of Python provided by the vendor as soon as the security patch is released.

Proactive Monitoring: Monitor system resource usage, specifically CPU spikes, in applications that utilize the "tarfile" module for handling external data.

Compensating Controls: Implement strict file size limits and timeout constraints on all ingestion pipelines that process archives to mitigate the impact of potential infinite loops.
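One way to implement the size-limit and timeout controls described above, as an added example that is not code from CPython or from this advisory: a file-like wrapper around the archive stream that enforces a byte budget and a wall-clock deadline on every `read()` the streaming parser makes. The names `BoundedStream`, `StreamLimitExceeded`, `read_members_bounded` and `sample_archive_stream`, and the limits used, are assumptions; the sample archive is constructed and benign.

```python
import io
import tarfile
import time


class StreamLimitExceeded(Exception):
    """Raised when the wrapped stream exceeds its byte budget or deadline."""


class BoundedStream:
    """File-like wrapper enforcing a byte budget and a wall-clock deadline.

    tarfile's streaming reader (mode "r|") pulls every byte through read(),
    so each call is a checkpoint. Caveat: a loop that stops calling read()
    is not caught here; pair this with a process-level timeout on the worker.
    """

    def __init__(self, raw, max_bytes, deadline):
        self._raw, self._max_bytes, self._deadline = raw, max_bytes, deadline
        self.bytes_read = 0

    def read(self, size=-1):
        if time.monotonic() >= self._deadline:
            raise StreamLimitExceeded("deadline hit after %d bytes" % self.bytes_read)
        remaining = self._max_bytes - self.bytes_read
        if size < 0 or size > remaining + 1:
            size = remaining + 1  # never pull more than budget + 1 from the source
        chunk = self._raw.read(size)
        self.bytes_read += len(chunk)
        if self.bytes_read > self._max_bytes:
            raise StreamLimitExceeded("byte budget of %d exceeded" % self._max_bytes)
        return chunk


def read_members_bounded(raw, max_bytes, timeout_s):
    """List (name, size) of each member in streaming mode under hard limits."""
    stream = BoundedStream(raw, max_bytes, time.monotonic() + timeout_s)
    with tarfile.open(fileobj=stream, mode="r|") as tf:
        return [(m.name, m.size) for m in tf]


def sample_archive_stream():
    """Constructed, benign two-member archive used only for demonstration."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for name, payload in (("a.txt", b"hello"), ("b.txt", b"x" * 2000)):
            info = tarfile.TarInfo(name)
            info.size = len(payload)
            tf.addfile(info, io.BytesIO(payload))
    return io.BytesIO(buf.getvalue())


if __name__ == "__main__":
    print(read_members_bounded(sample_archive_stream(), 1 << 20, 5.0))
```

The budget is checked against bytes actually consumed, so a truncated archive that keeps returning empty reads still trips the deadline rather than the byte limit.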

Exploitation status

Public Exploit Available: false

Analyst recommendation

This vulnerability poses a clear risk to system availability. Administrators should prioritize identifying all internal services utilizing the affected "tarfile" module and prepare for a swift update deployment once the vendor releases a patched version.