Lucene search
K

33 matches found

RedHat Linux
RedHat Linux
added 2025/12/10 1:12 a.m.4 views

golang: archive/tar: Unbounded allocation when parsing GNU sparse map

A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go...

4.3CVSS7.1AI score0.00419EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2025/12/02 2:45 p.m.3 views

golang: archive/tar: Unbounded allocation when parsing GNU sparse map

A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go...

4.3CVSS7.1AI score0.00419EPSS
Exploits0References8
OSV
OSV
added 2025/11/27 9:11 a.m.6 views

RLSA-2025:21816 Moderate: delve and golang security update

The Go Programming Language. Security Fixes: golang: archive/tar: Unbounded allocation when parsing GNU sparse map CVE-2025-58183 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages listed in the...

7.5CVSS6.8AI score0.00419EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2025/11/20 12:35 a.m.7 views

golang: archive/tar: Unbounded allocation when parsing GNU sparse map

A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go...

4.3CVSS7.1AI score0.00419EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2025/11/11 12:0 a.m.6 views

Amazon Linux 2023 : golist (ALAS2023-2025-1276)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1276 advisory. net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6 addresses to be included in square brackets within the host component of a URL...

7.5CVSS7.3AI score0.00626EPSS
Exploits0References22
Tenable Nessus
Tenable Nessus
added 2025/11/11 12:0 a.m.15 views

Amazon Linux 2023 : runc (ALAS2023-2025-1286)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1286 advisory. Placeholder CVE. Details forthcoming CVE-2025-31133 net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6 addresses to be included in...

8.4CVSS7.2AI score0.0067EPSS
Exploits4References28
Tenable Nessus
Tenable Nessus
added 2025/11/11 12:0 a.m.3 views

Amazon Linux 2023 : docker (ALAS2023-2025-1274)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1274 advisory. net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6 addresses to be included in square brackets within the host component of a URL...

7.5CVSS7.3AI score0.00626EPSS
Exploits0References22
Amazon
Amazon
added 2025/11/10 12:0 a.m.7 views

Important: runc

Issue Overview: Placeholder CVE. Details forthcoming CVE-2025-31133 net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to b...

8.4CVSS7AI score0.0067EPSS
Exploits4
Amazon
Amazon
added 2025/11/10 12:0 a.m.6 views

Important: runc

Issue Overview: Placeholder CVE. Details forthcoming CVE-2025-31133 net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to b...

8.4CVSS7AI score0.0067EPSS
Exploits4
Amazon
Amazon
added 2025/11/10 12:0 a.m.7 views

Important: oci-add-hooks

Issue Overview: net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed withi...

7.5CVSS6.9AI score0.00626EPSS
Exploits0
OSV
OSV
added 2025/11/06 12:58 p.m.4 views

BIT-GOLANG-2025-58183 Unbounded allocation when parsing GNU sparse map in archive/tar

tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a...

4.3CVSS6.4AI score0.00419EPSS
Exploits0References6
Cvelist
Cvelist
added 2025/10/29 10:10 p.m.12 views

CVE-2025-58183 Unbounded allocation when parsing GNU sparse map in archive/tar

tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a...

0.00419EPSS
Exploits0References4
OSV
OSV
added 2025/10/29 9:51 p.m.6 views

GO-2025-4014 Unbounded allocation when parsing GNU sparse map in archive/tar

tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a...

4.3CVSS6.3AI score0.00419EPSS
Exploits0References3
Rows per page
Query Builder