Security Bulletin: Uninitialized Memory Exposure in node-tar list/t Sync Mode When Tar File Is Modified During Read affect IBM watsonx.data

Summary node-tar is a Tar for Node.js. In 7.5.1, using .t aka .list with sync: true to read tar entry contents returns uninitialized memory contents if tar file was changed on disk to a smaller size while being read. This vulnerability is fixed in 7.5.2. These can affect IBM watsonx.data...

SUSE CVE-2025-64118

node-tar is a Tar for Node.js. In 7.5.1, using .t aka .list with sync: true to read tar entry contents returns uninitialized memory contents if tar file was changed on disk to a smaller size while being read. This vulnerability is fixed in 7.5.2...

CVE-2025-64118

node-tar is a Tar for Node.js. In 7.5.1, using .t aka .list with sync: true to read tar entry contents returns uninitialized memory contents if tar file was changed on disk to a smaller size while being read. This vulnerability is fixed in 7.5.2...

CVE-2025-64118 node-tar vulnerable to race condition leading to uninitialized memory exposure

node-tar is a Tar for Node.js. In 7.5.1, using .t aka .list with sync: true to read tar entry contents returns uninitialized memory contents if tar file was changed on disk to a smaller size while being read. This vulnerability is fixed in 7.5.2...

PT-2025-44446

Name of the Vulnerable Software and Affected Versions node-tar versions prior to 7.5.2 Description node-tar is a Tar for Node.js. When using the .t also known as .list function with the sync: true option to read tar entry contents, uninitialized memory contents may be returned if the tar file is...