Bug 2402342 (CVE-2025-8291)

Summary: CVE-2025-8291 cpython: python: Python zipfile End of Central Directory (EOCD) Locator record offset not checked
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security DevOps Team <prodsec-dev>
Status: NEW --- QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: bbrownin, dfreiber, drow, gotiwari, jburrell, jgrulich, jhorak, ljawale, luizcosta, mvyas, nweather, rbobbitt, teagle, tpopela, vkumar
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
A zip file handling flaw has been discovered in the python standard library `zipfile` module. The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory (EOCD) Locator record offset value would not be used to locate the ZIP64 EOCD record, instead the ZIP64 EOCD record would be assumed to be the previous record in the ZIP archive. This could be abused to create ZIP archives that are handled differently by the 'zipfile' module compared to other ZIP implementations.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2402857, 2402869, 2402876, 2402858, 2402859, 2402860, 2402861, 2402862, 2402863, 2402864, 2402865, 2402866, 2402867, 2402868, 2402870, 2402871, 2402872, 2402873, 2402874, 2402875, 2402877    
Bug Blocks:    

Description OSIDB Bzimport 2025-10-07 19:01:48 UTC 
The 'zipfile' module would not check the validity of the ZIP64 End of
Central Directory (EOCD) Locator record offset value would not be used to
locate the ZIP64 EOCD record, instead the ZIP64 EOCD record would be
assumed to be the previous record in the ZIP archive. This could be abused
to create ZIP archives that are handled differently by the 'zipfile' module
compared to other ZIP implementations.


Remediation maintains this behavior, but checks that the offset specified
in the ZIP64 EOCD Locator record matches the expected value.
Comment 2 errata-xmlrpc 2025-12-18 01:16:08 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2025:23530 https://access.redhat.com/errata/RHSA-2025:23530
Comment 3 errata-xmlrpc 2025-12-18 12:21:29 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:23323 https://access.redhat.com/errata/RHSA-2025:23323
Comment 4 errata-xmlrpc 2025-12-18 12:23:09 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:23342 https://access.redhat.com/errata/RHSA-2025:23342
Comment 6 errata-xmlrpc 2025-12-22 16:28:53 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2025:23940 https://access.redhat.com/errata/RHSA-2025:23940
Comment 7 errata-xmlrpc 2026-01-06 10:37:28 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2026:0123 https://access.redhat.com/errata/RHSA-2026:0123
Comment 8 errata-xmlrpc 2026-01-08 13:43:27 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10.0 Extended Update Support

Via RHSA-2026:0353 https://access.redhat.com/errata/RHSA-2026:0353
Comment 9 errata-xmlrpc 2026-01-08 14:26:18 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2026:0354 https://access.redhat.com/errata/RHSA-2026:0354
Comment 10 errata-xmlrpc 2026-01-08 14:37:33 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.6 Extended Update Support

Via RHSA-2026:0355 https://access.redhat.com/errata/RHSA-2026:0355