18 matches found
TencentOS Server 4: buildah (TSSA-2025:0726)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0726 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
Linux Distros Unpatched Vulnerability : CVE-2025-58058
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - xz is a pure golang package for reading and writing xz-compressed files. Prior to version 0.5.14, it is possible to put data in front of an LZMA-encoded byte...
CVE-2025-58058
A memory leak flaw has been discovered in the golang github.com/ulikunitz/xz package. In affected versions, it is possible to put data in front of an LZMA-encoded byte stream without detecting the situation while reading the header. This can lead to increased memory consumption because the curren...
SUSE CVE-2025-58058
xz is a pure golang package for reading and writing xz-compressed files. Prior to version 0.5.14, it is possible to put data in front of an LZMA-encoded byte stream without detecting the situation while reading the header. This can lead to increased memory consumption because the current...
CVE-2025-58058
xz is a pure golang package for reading and writing xz-compressed files. Prior to version 0.5.14, it is possible to put data in front of an LZMA-encoded byte stream without detecting the situation while reading the header. This can lead to increased memory consumption because the current...
AZL-66713 CVE-2025-58058 affecting package buildah 1.18.0-29
xz is a pure golang package for reading and writing xz-compressed files. Prior to version 0.5.14, it is possible to put data in front of an LZMA-encoded byte stream without detecting the situation while reading the header. This can lead to increased memory consumption because the current...
AZL-66750 CVE-2025-58058 affecting package terraform for versions less than 1.3.2-27
xz is a pure golang package for reading and writing xz-compressed files. Prior to version 0.5.14, it is possible to put data in front of an LZMA-encoded byte stream without detecting the situation while reading the header. This can lead to increased memory consumption because the current...
AZL-66741 CVE-2025-58058 affecting package packer for versions less than 1.9.5-15
xz is a pure golang package for reading and writing xz-compressed files. Prior to version 0.5.14, it is possible to put data in front of an LZMA-encoded byte stream without detecting the situation while reading the header. This can lead to increased memory consumption because the current...
AZL-66731 CVE-2025-58058 affecting package podman for versions less than 5.6.1-2
xz is a pure golang package for reading and writing xz-compressed files. Prior to version 0.5.14, it is possible to put data in front of an LZMA-encoded byte stream without detecting the situation while reading the header. This can lead to increased memory consumption because the current...
AZL-66716 CVE-2025-58058 affecting package podman 4.1.1-26
xz is a pure golang package for reading and writing xz-compressed files. Prior to version 0.5.14, it is possible to put data in front of an LZMA-encoded byte stream without detecting the situation while reading the header. This can lead to increased memory consumption because the current...
AZL-66759 CVE-2025-58058 affecting package packer for versions less than 1.9.5-10
xz is a pure golang package for reading and writing xz-compressed files. Prior to version 0.5.14, it is possible to put data in front of an LZMA-encoded byte stream without detecting the situation while reading the header. This can lead to increased memory consumption because the current...
AZL-66723 CVE-2025-58058 affecting package cri-o for versions less than 1.22.3-16
xz is a pure golang package for reading and writing xz-compressed files. Prior to version 0.5.14, it is possible to put data in front of an LZMA-encoded byte stream without detecting the situation while reading the header. This can lead to increased memory consumption because the current...
AZL-66720 CVE-2025-58058 affecting package containerized-data-importer for versions less than 1.55.0-25
xz is a pure golang package for reading and writing xz-compressed files. Prior to version 0.5.14, it is possible to put data in front of an LZMA-encoded byte stream without detecting the situation while reading the header. This can lead to increased memory consumption because the current...
UBUNTU-CVE-2025-58058
xz is a pure golang package for reading and writing xz-compressed files. Prior to version 0.5.14, it is possible to put data in front of an LZMA-encoded byte stream without detecting the situation while reading the header. This can lead to increased memory consumption because the current...
github.com/ulikunitz/xz leaks memory when decoding a corrupted multiple LZMA archives
Summary It is possible to put data in front of an LZMA-encoded byte stream without detecting the situation while reading the header. This can lead to increased memory consumption because the current implementation allocates the full decoding buffer directly after reading the header. The LZMA head...
xz 安全漏洞
xz is a software application. It is used to support reading and writing xz compressed streams. A security vulnerability exists in xz versions prior to 0.5.14, which stems from insufficient detection of the header of LZMA-encoded byte streams and may lead to increased memory consumption...
EulerOS Virtualization 2.9.0 : edk2 (EulerOS-SA-2021-1764)
According to the versions of the edk2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Integer overflow in DxeImageVerificationHandler EDK II may allow an authenticated user to potentially enable denial of service via...
Huawei EulerOS: Security Advisory for edk2 (EulerOS-SA-2021-1764)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...