GHSA-PXH5-6RRC-8RJV OpenTofu: Excessive resource usage in "tofu init" when installing dependencies from attacker-controlled server

Impact Unauthenticated denial of service. Summary When installing provider or module packages from attacker-controlled servers, the server may cause tofu initto enter an infinite loop sending garbage data to that server. Those who depend on modules or providers served from untrusted third-party...

GHSA-HW5X-4R37-72W7 OpenTofu has unbounded memory usage, high CPU usage, or deadlock in "tofu init" with maliciously-crafted dependency responses

Impact Unauthenticated denial of service. Summary When installing module packages from attacker-controlled sources, tofu init may use unbounded memory, cause high CPU usage, or deadlock when encountering maliciously-crafted TLS certificate chains or tar archives. Those who depend on modules or...

GO-2026-4352 OpenTofu has High CPU usage in "tofu init" with maliciously-crafted module packages in .zip format in github.com/opentofu/opentofu

OpenTofu has High CPU usage in "tofu init" with maliciously-crafted module packages in .zip format in github.com/opentofu/opentofu...

OpenTofu has High CPU usage in "tofu init" with maliciously-crafted module packages in .zip format

Impact Unauthenticated denial of service. Summary When installing module packages from attacker-controlled sources, tofu init may cause high CPU usage when encountering maliciously-crafted .zip archives for either provider or module distribution packages. Those who depend on modules or providers...

GHSA-R92C-9C7F-3PJ8 OpenTofu has High CPU usage in "tofu init" with maliciously-crafted module packages in .zip format

Impact Unauthenticated denial of service. Summary When installing module packages from attacker-controlled sources, tofu init may cause high CPU usage when encountering maliciously-crafted .zip archives for either provider or module distribution packages. Those who depend on modules or providers...

GO-2025-4101 OpenTofu affected denials of service in "tofu init" with maliciously-crafted module package responses in github.com/opentofu/opentofu

OpenTofu affected denials of service in "tofu init" with maliciously-crafted module package responses in github.com/opentofu/opentofu...

OpenTofu affected denials of service in "tofu init" with maliciously-crafted module package responses

Impact Unauthenticated denial of service. Summary When installing module packages from attacker-controlled sources, tofu init may use unbounded memory, cause high CPU usage, or crash when encountering maliciously-crafted TLS certificate chains or tar archives. Those who depend on modules or...

GHSA-W2JF-268Q-MRVH OpenTofu affected denials of service in "tofu init" with maliciously-crafted module package responses

Impact Unauthenticated denial of service. Summary When installing module packages from attacker-controlled sources, tofu init may use unbounded memory, cause high CPU usage, or crash when encountering maliciously-crafted TLS certificate chains or tar archives. Those who depend on modules or...

EUVD-2025-38039

OpenTofu affected denials of service in "tofu init" with maliciously-crafted module package responses...