9 matches found
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: golang (UTSA-2026-016814)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016814 advisory. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large...
Unity Linux 20.1070a Security Update: osbuild-composer (UTSA-2026-016489)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016489 advisory. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large...
golang: archive/tar: Unbounded allocation when parsing GNU sparse map
A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go...
AZL-69251 CVE-2025-58183 affecting package golang 1.26.0-1
tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a...
AZL-69302 CVE-2025-58183 affecting package moby-engine for versions less than 25.0.3-14
tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a...
AZL-69296 CVE-2025-58183 affecting package skopeo for versions less than 1.14.2-13
tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a...
AZL-78907 CVE-2025-58183 affecting package golang 1.25.7-1
tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a...
AZL-69005 CVE-2025-58183 affecting package podman 5.6.1-7
tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a...
CVE-2007-3644
archivereadsupportformattar.c in libarchive before 2.2.4 allows user-assisted remote attackers to cause a denial of service infinite loop via 1 an end-of-file condition within a pax extension header or 2 a malformed pax extension header in an a PAX or a b TAR archive...