122 matches found
RockyLinux 8 : osbuild-composer (RLSA-2026:1380)
The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:1380 advisory. golang: archive/tar: Unbounded allocation when parsing GNU sparse map CVE-2025-58183 Tenable has extracted the preceding description block directly from the...
osbuild-composer security update
An update is available for osbuild-composer. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list A service for building customized OS artifacts, such as VM images a...
RLSA-2026:1381 Moderate: osbuild-composer security update
A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for local usage, it can also upload images directly to cloud. It is compatible with composer-cli and cockpit-composer clients. Security Fixes: golang:...
RLSA-2026:1377 Moderate: image-builder security update
A local binary for building customized OS artifacts such as VM images and OSTree commits. Uses osbuild under the hood. Security Fixes: golang: archive/tar: Unbounded allocation when parsing GNU sparse map CVE-2025-58183 For more details about the security issues, including the impact, a CVSS scor...
golang: archive/tar: Unbounded allocation when parsing GNU sparse map
A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go...
Medium: amazon-ecr-credential-helper
Issue Overview: Arithmetic over induction variables in loops were not correctly checked for underflow or overflow in the Go compiler cmd/compile. As a result, the compiler would allow for invalid indexing to occur at runtime, potentially leading to memory corruption in programs compiled with...
Medium: amazon-ecr-credential-helper
Issue Overview: Arithmetic over induction variables in loops were not correctly checked for underflow or overflow in the Go compiler cmd/compile. As a result, the compiler would allow for invalid indexing to occur at runtime, potentially leading to memory corruption in programs compiled with...
golang: archive/tar: Unbounded allocation when parsing GNU sparse map
A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go...
Unbounded allocation for old GNU sparse in archive/tar
...
SUSE CVE-2026-32288
tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of sparse regions encoded in the "old GNU sparse map" format...
CVE-2026-32288
tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of sparse regions encoded in the "old GNU sparse map" format...
DEBIAN-CVE-2026-32288
tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of sparse regions encoded in the "old GNU sparse map" format...
CVE-2026-32288
tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of sparse regions encoded in the "old GNU sparse map" format...
UBUNTU-CVE-2026-32288
tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of sparse regions encoded in the "old GNU sparse map" format...
CVE-2026-32288 Unbounded allocation for old GNU sparse in archive/tar
tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of sparse regions encoded in the "old GNU sparse map" format...
CVE-2026-32288
CVE-2026-32288 affects Go’s archive/tar parsing of the old GNU sparse map format. A malicious tar with many sparse regions can trigger tar.Reader to allocate unbounded memory, potentially exhausting memory and causing high availability impact. Documented impact metrics show LOCAL attack vector, L...
PT-2026-31065
Name of the Vulnerable Software and Affected Versions tar.Reader affected versions not specified Description tar.Reader can allocate an unbounded amount of memory when processing a specially crafted archive containing numerous sparse regions encoded using the "old GNU sparse map" format. This can...
golang: archive/tar: Unbounded allocation when parsing GNU sparse map
A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go...
golang: archive/tar: Unbounded allocation when parsing GNU sparse map
A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go...
golang: archive/tar: Unbounded allocation when parsing GNU sparse map
A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go...