62 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-32288
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of sparse regions encoded in the old...
SUSE CVE-2026-32288
tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of sparse regions encoded in the "old GNU sparse map" format...
EUVD-2026-20016
tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of sparse regions encoded in the "old GNU sparse map" format...
DEBIAN-CVE-2026-32288
tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of sparse regions encoded in the "old GNU sparse map" format...
CVE-2026-32288
tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of sparse regions encoded in the "old GNU sparse map" format...
UBUNTU-CVE-2026-32288
tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of sparse regions encoded in the "old GNU sparse map" format...
CVE-2026-32288
tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of sparse regions encoded in the "old GNU sparse map" format...
CVE-2026-32288
tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of sparse regions encoded in the "old GNU sparse map" format...
CVE-2026-32288
CVE-2026-32288 affects Go’s archive/tar parsing of the old GNU sparse map format. A malicious tar with many sparse regions can trigger tar.Reader to allocate unbounded memory, potentially exhausting memory and causing high availability impact. Documented impact metrics show LOCAL attack vector, L...
CVE-2026-32288
tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of sparse regions encoded in the "old GNU sparse map" format...
GO-2026-4869 Unbounded allocation for old GNU sparse in archive/tar
tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of sparse regions encoded in the "old GNU sparse map" format...
Security Bulletin: Unbounded Memory Allocation in Go tar package When Processing Sparse Files, affects watsonx.data
Summary Go tar package's tar.Reader does not limit the number of sparse region blocks in GNU tar pax 1.0 sparse files. Malicious archives with many sparse regions can trigger excessive memory allocation, potentially causing memory exhaustion, even from small compressed inputs. This can affect...
PT-2026-31065
Name of the Vulnerable Software and Affected Versions tar.Reader affected versions not specified Description tar.Reader can allocate an unbounded amount of memory when processing a specially crafted archive containing numerous sparse regions encoded using the "old GNU sparse map" format. This can...
[SECURITY] Fedora 43 Update: rust-astral-tokio-tar-0.6.0-1.fc43
A Rust implementation of an async TAR file reader and writer. This library does not currently handle compression, but it is abstract over all I/O readers and writers. Additionally, great lengths are taken to ensure that the entire contents are never required to be entirely resident in memory all ...
[SECURITY] Fedora 43 Update: rust-tar-0.4.45-1.fc43
A Rust implementation of a TAR file reader and writer. This library does not currently handle compression, but it is abstract over all I/O readers and writers. Additionally, great lengths are taken to ensure that the entire contents are never required to be entirely resident in memory all at once...
[SECURITY] Fedora 44 Update: rust-tar-0.4.45-1.fc44
A Rust implementation of a TAR file reader and writer. This library does not currently handle compression, but it is abstract over all I/O readers and writers. Additionally, great lengths are taken to ensure that the entire contents are never required to be entirely resident in memory all at once...
[SECURITY] Fedora 44 Update: rust-astral-tokio-tar-0.6.0-1.fc44
A Rust implementation of an async TAR file reader and writer. This library does not currently handle compression, but it is abstract over all I/O readers and writers. Additionally, great lengths are taken to ensure that the entire contents are never required to be entirely resident in memory all ...
golang: archive/tar: Unbounded allocation when parsing GNU sparse map
A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go...
Advisory ROSA-SA-2026-3146
Software: grafana 9.2.10 OS: ROSA Virtualization 3.1 unaffected versions = grafana-9.2.10-27.rv31 affected versions grafana-9.2.10-27.rv31 CVE-ID: CVE-2025-22871 BDU-ID: 2025-04014 CVE-Crit: CRITICAL CVE-DESC.: A vulnerability in the net/http package of the Go programming language is related to...
ROS-20260209-73-0030
A vulnerability in the tar.Reader component of the Go programming language is related to unrestricted resource allocation. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...