891 matches found

Amazon
added 2025/11/10 12:0 a.m., 5 views

Important: runc

Issue Overview: Placeholder CVE. Details forthcoming CVE-2025-31133 net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to b...

8.4 CVSS, 7 AI score, 0.00673 EPSS
Exploits 4

Tenable Nessus
added 2025/11/07 12:0 a.m., 5 views

Amazon Linux 2 : runc, --advisory ALAS2ECS-2025-077 (ALASECS-2025-077)

The version of runc installed on the remote host is prior to 1.3.2-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2025-077 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...

5.6 AI score
Exploits 0, References 2

Tenable Nessus
added 2025/11/07 12:0 a.m., 4 views

Amazon Linux 2 : runc, --advisory ALAS2DOCKER-2025-078 (ALASDOCKER-2025-078)

The version of runc installed on the remote host is prior to 1.3.2-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2DOCKER-2025-078 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...

5.6 AI score
Exploits 0, References 2

Tenable Nessus
added 2025/11/07 12:0 a.m., 17 views

Amazon Linux 2023 : runc (ALAS2023-2025-1263)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1263 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

5.5 AI score
Exploits 0, References 2

Tenable Nessus
added 2025/11/07 12:0 a.m., 2 views

Amazon Linux 2 : runc, --advisory ALAS2NITRO-ENCLAVES-2025-072 (ALASNITRO-ENCLAVES-2025-072)

The version of runc installed on the remote host is prior to 1.3.2-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2NITRO-ENCLAVES-2025-072 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...

5.6 AI score
Exploits 0, References 2

OSV
added 2025/11/06 12:58 p.m., 3 views

BIT-GOLANG-2025-58183 Unbounded allocation when parsing GNU sparse map in archive/tar

tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a...

4.3 CVSS, 6.4 AI score, 0.00382 EPSS
Exploits 0, References 6

OSV
added 2025/11/04 4:13 p.m., 5 views

MGASA-2025-0256 Updated golang packages fix security vulnerabilities

Insufficient validation of bracketed IPv6 hostnames in net/url. CVE-2025-47912 Unbounded allocation when parsing GNU sparse map in archive/tar. CVE-2025-58183 Parsing DER payload can cause memory exhaustion in encoding/asn1. CVE-2025-58185 Lack of limit when parsing cookies can cause memory...

7.5 CVSS, 6.6 AI score, 0.00586 EPSS
Exploits 0, References 3

RedhatCVE
added 2025/11/03 1:51 p.m., 2 views

CVE-2025-58183

A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go...

7.5 CVSS, 5.8 AI score, 0.00382 EPSS
Exploits 0, References 7

Vulnrichment
added 2025/10/31 11:50 a.m., 2 views

CVE-2025-58147 x86: Incorrect input sanitisation in Viridian hypercalls

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Some Viridian hypercalls can specify a mask of vCPU IDs as an input, in one of three formats. Xen has boundary checking bugs with all three formats, which can cause...

6.5 AI score, 0.00317 EPSS
Exploits 0, References 1

Microsoft CVE
added 2025/10/31 8:4 a.m., 2 views

Unbounded allocation when parsing GNU sparse map in archive/tar

...

5.5 CVSS, 7 AI score, 0.00382 EPSS
Exploits 0

EUVD
added 2025/10/30 12:31 a.m., 3 views

EUVD-2025-36731

tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a...

3.3 CVSS, 6.2 AI score, 0.00382 EPSS
Exploits 0, References 5

OSV
added 2025/10/29 11:16 p.m., 7 views

AZL-68994 CVE-2025-58183 affecting package podman 4.1.1-26

tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a...

4.3 CVSS, 7.2 AI score, 0.00382 EPSS
Exploits 0, References 1

OSV
added 2025/10/29 11:16 p.m., 2 views

AZL-69033 CVE-2025-58183 affecting package containerized-data-importer for versions less than 1.55.0-26

tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a...

4.3 CVSS, 7.2 AI score, 0.00382 EPSS
Exploits 0, References 1

OSV
added 2025/10/29 11:16 p.m., 5 views

AZL-69302 CVE-2025-58183 affecting package moby-engine for versions less than 25.0.3-14

tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a...

4.3 CVSS, 7 AI score, 0.00382 EPSS
Exploits 0, References 1

OSV
added 2025/10/29 11:16 p.m., 2 views

AZL-69005 CVE-2025-58183 affecting package podman 5.6.1-7

tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a...

4.3 CVSS, 7.2 AI score, 0.00382 EPSS
Exploits 0, References 1

OSV
added 2025/10/29 11:16 p.m., 8 views

AZL-69002 CVE-2025-58183 affecting package cri-o 1.30.1-1

tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a...

4.3 CVSS, 7.2 AI score, 0.00382 EPSS
Exploits 0, References 1

OSV
added 2025/10/29 11:16 p.m., 4 views

AZL-69200 CVE-2025-58183 affecting package gh for versions less than 2.62.0-10

tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a...

4.3 CVSS, 7 AI score, 0.00382 EPSS
Exploits 0, References 1

OSV
added 2025/10/29 11:16 p.m., 10 views

AZL-69134 CVE-2025-58183 affecting package containerized-data-importer for versions less than 1.57.0-17

tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a...

4.3 CVSS, 7.2 AI score, 0.00382 EPSS
Exploits 0, References 1

OSV
added 2025/10/29 11:16 p.m., 4 views

AZL-68999 CVE-2025-58183 affecting package buildah 1.41.4-6

tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a...

4.3 CVSS, 7.2 AI score, 0.00382 EPSS
Exploits 0, References 1

OSV
added 2025/10/29 11:16 p.m., 3 views

AZL-69251 CVE-2025-58183 affecting package golang 1.26.0-1

tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a...

4.3 CVSS, 7 AI score, 0.00382 EPSS
Exploits 0, References 1