17 matches found
EUVD-2017-6468
Malware in sbrugna...
GO-2025-3640 Memory exhaustion in github.com/vbatts/tar-split
Memory exhaustion in github.com/vbatts/tar-split...
Allocation of Resources Without Limits or Throttling
Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to improper handling of large archives. By creating a malicious archive with very large amounts of padding, an attacker can cause the application to consume excessive memory...
RHSA-2022:0988 Red Hat Security Advisory: Red Hat OpenStack Platform 16.1 (golang-github-vbatts-tar-split) security update
Bulletin has no description...
RHSA-2022:0998 Red Hat Security Advisory: Red Hat OpenStack Platform 16.2 (golang-github-vbatts-tar-split) security update
Bulletin has no description...
golang: archive/tar: github.com/vbatts/tar-split: unbounded memory consumption when reading headers
A flaw was found in the golang package, where Reader.Read does not set a limit on the maximum size of file headers. After fixing, Reader.Read limits the maximum size of header blocks to 1 MiB. This flaw allows a maliciously crafted archive to cause Read to allocate unbounded amounts of memory,...
golang: archive/tar: github.com/vbatts/tar-split: unbounded memory consumption when reading headers
A flaw was found in the golang package, where Reader.Read does not set a limit on the maximum size of file headers. After fixing, Reader.Read limits the maximum size of header blocks to 1 MiB. This flaw allows a maliciously crafted archive to cause Read to allocate unbounded amounts of memory,...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling. Go Vulnerability Report: via the Reader.Read function. An attacker can cause excessive memory allocation and trigger resource exhaustion or application panics by supplying a speciall...
Fedora: Security Advisory for golang-github-vbatts-tar-split (FEDORA-2022-37aef44d1e)
The remote host is missing an update for the...
[SECURITY] Fedora 36 Update: golang-github-vbatts-tar-split-0.11.1-11.fc36
Pristinely disassembling a tar archive, and stashing needed raw bytes and offsets to reassemble a validating original archive...
Fedora: Security Advisory for golang-github-vbatts-tar-split (FEDORA-2022-3969b64d4b)
The remote host is missing an update for the...
Fedora: Security Advisory for golang-github-vbatts-tar-split (FEDORA-2022-fae3ecee19)
The remote host is missing an update for the...
RHEL 8 : Red Hat OpenStack Platform 16.1 (golang-github-vbatts-tar-split) (RHSA-2022:0988)
The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:0988 advisory. Security Fixes: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet (CVE-2021-29923); golang:...
Moderate: Red Hat Security Advisory: Red Hat OpenStack Platform 16.1 (golang-github-vbatts-tar-split) security update
An update for golang-github-vbatts-tar-split is now available for Red Hat OpenStack Platform 16.1 (Train). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
RHEL 8 : Red Hat OpenStack Platform 16.2 (golang-github-vbatts-tar-split) (RHSA-2022:0998)
The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:0998 advisory. Security Fixes: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet (CVE-2021-29923); crypto/tls:...
Moderate: Red Hat Security Advisory: Red Hat OpenStack Platform 16.2 (golang-github-vbatts-tar-split) security update
An update for golang-github-vbatts-tar-split is now available for Red Hat OpenStack Platform 16.2 (Train). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
Denial Of Service (DoS)
github.com/moby/moby (formerly known as github.com/docker/docker) is vulnerable to denial of service (DoS) attacks. These attacks are possible because the NewInputTarStream function in tar-split does not limit the number of \0's at the end of an archive, filling the RAM...