Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

rocky логотип

RLSA-2025:21816

Опубликовано: 27 нояб. 2025
Источник: rocky
Оценка: Moderate

Описание

Moderate: delve and golang security update

The Go Programming Language.

Security Fix(es):

  • golang: archive/tar: Unbounded allocation when parsing GNU sparse map (CVE-2025-58183)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Затронутые продукты

  • Rocky Linux 10

НаименованиеАрхитектураРелизRPM
delvex86_641.el10_1delve-1.25.2-1.el10_1.x86_64.rpm
golangx86_641.el10_1golang-1.25.3-1.el10_1.x86_64.rpm
golang-binx86_641.el10_1golang-bin-1.25.3-1.el10_1.x86_64.rpm
golang-docsnoarch1.el10_1golang-docs-1.25.3-1.el10_1.noarch.rpm
golang-miscnoarch1.el10_1golang-misc-1.25.3-1.el10_1.noarch.rpm
golang-racex86_641.el10_1golang-race-1.25.3-1.el10_1.x86_64.rpm
golang-srcnoarch1.el10_1golang-src-1.25.3-1.el10_1.noarch.rpm
golang-testsnoarch1.el10_1golang-tests-1.25.3-1.el10_1.noarch.rpm
go-toolsetx86_641.el10_1go-toolset-1.25.3-1.el10_1.x86_64.rpm

Показывать по

Связанные CVE

CVE-2025-58183

Ссылки на источники

Исправления

Связанные уязвимости

ubuntu логотип

CVE-2025-58183

CVSS3: 4.3
ubuntu
около 1 месяца назад

tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large allocations.

nvd логотип

CVE-2025-58183

CVSS3: 4.3
nvd
около 1 месяца назад

tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large allocations.

msrc логотип

CVE-2025-58183

msrc
около 1 месяца назад

Unbounded allocation when parsing GNU sparse map in archive/tar

debian логотип

CVE-2025-58183

CVSS3: 4.3
debian
около 1 месяца назад

tar.Reader does not set a maximum size on the number of sparse region ...

github логотип

GHSA-9gcr-gp5f-jw27

CVSS3: 3.3
github
около 1 месяца назад

tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large allocations.