exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 14

CVE-2025-58058

5 месяцев назад

xz is a pure golang package for reading and writing xz-compressed files. Prior to version 0.5.14, it is possible to put data in front of an LZMA-encoded byte stream without detecting the situation while reading the header. This can lead to increased memory consumption because the current implementation allocates the full decoding buffer directly after reading the header. The LZMA header doesn't include a magic number or has a checksum to detect such an issue according to the specification. Note that the code recognizes the issue later while reading the stream, but at this time the memory allocation has already been done. This issue has been patched in version 0.5.14.

CVSS3: 5.3

EPSS: Низкий

CVE-2025-58058

5 месяцев назад

CVSS3: 5.3

EPSS: Низкий

CVE-2025-58058

5 месяцев назад

CVSS3: 5.3

EPSS: Низкий

CVE-2025-58058

4 месяца назад

github.com/ulikunitz/xz leaks memory when decoding a corrupted multiple LZMA archives

CVSS3: 5.3

EPSS: Низкий

CVE-2025-58058

5 месяцев назад

xz is a pure golang package for reading and writing xz-compressed file ...

CVSS3: 5.3

EPSS: Низкий

openSUSE-SU-2025:20031-1

3 месяца назад

Security update for warewulf4

EPSS: Низкий

SUSE-SU-2025:03448-1

4 месяца назад

Security update for warewulf4

EPSS: Низкий

GHSA-jc7w-c686-c4v9

5 месяцев назад

github.com/ulikunitz/xz leaks memory when decoding a corrupted multiple LZMA archives

CVSS3: 5.3

EPSS: Низкий

BDU:2025-12797

5 месяцев назад

Уязвимость языка программирования Go, связанная с неограниченным распределением ресурсов, позволяющая нарушителю вызвать отказ в обслуживании

CVSS3: 5.3

EPSS: Низкий

openSUSE-SU-2025:20073-1

около 2 месяцев назад

Security update for alloy

EPSS: Низкий

SUSE-SU-2025:4121-1

около 2 месяцев назад

Security update for alloy

EPSS: Низкий

ROS-20251124-04

около 2 месяцев назад

Уязвимость golang-github-ulikunitz-xz

CVSS3: 5.3

EPSS: Низкий

openSUSE-SU-2025:20160-1

около 1 месяца назад

Security update for hauler

EPSS: Низкий

openSUSE-SU-2025:20117-1

около 2 месяцев назад

Security update for trivy

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
CVE-2025-58058 xz is a pure golang package for reading and writing xz-compressed files. Prior to version 0.5.14, it is possible to put data in front of an LZMA-encoded byte stream without detecting the situation while reading the header. This can lead to increased memory consumption because the current implementation allocates the full decoding buffer directly after reading the header. The LZMA header doesn't include a magic number or has a checksum to detect such an issue according to the specification. Note that the code recognizes the issue later while reading the stream, but at this time the memory allocation has already been done. This issue has been patched in version 0.5.14.	CVSS3: 5.3	0% Низкий	5 месяцев назад
CVE-2025-58058 xz is a pure golang package for reading and writing xz-compressed files. Prior to version 0.5.14, it is possible to put data in front of an LZMA-encoded byte stream without detecting the situation while reading the header. This can lead to increased memory consumption because the current implementation allocates the full decoding buffer directly after reading the header. The LZMA header doesn't include a magic number or has a checksum to detect such an issue according to the specification. Note that the code recognizes the issue later while reading the stream, but at this time the memory allocation has already been done. This issue has been patched in version 0.5.14.	CVSS3: 5.3	0% Низкий	5 месяцев назад
CVE-2025-58058 xz is a pure golang package for reading and writing xz-compressed files. Prior to version 0.5.14, it is possible to put data in front of an LZMA-encoded byte stream without detecting the situation while reading the header. This can lead to increased memory consumption because the current implementation allocates the full decoding buffer directly after reading the header. The LZMA header doesn't include a magic number or has a checksum to detect such an issue according to the specification. Note that the code recognizes the issue later while reading the stream, but at this time the memory allocation has already been done. This issue has been patched in version 0.5.14.	CVSS3: 5.3	0% Низкий	5 месяцев назад
CVE-2025-58058 github.com/ulikunitz/xz leaks memory when decoding a corrupted multiple LZMA archives	CVSS3: 5.3	0% Низкий	4 месяца назад
CVE-2025-58058 xz is a pure golang package for reading and writing xz-compressed file ...	CVSS3: 5.3	0% Низкий	5 месяцев назад
openSUSE-SU-2025:20031-1 Security update for warewulf4		0% Низкий	3 месяца назад
SUSE-SU-2025:03448-1 Security update for warewulf4		0% Низкий	4 месяца назад
GHSA-jc7w-c686-c4v9 github.com/ulikunitz/xz leaks memory when decoding a corrupted multiple LZMA archives	CVSS3: 5.3	0% Низкий	5 месяцев назад
BDU:2025-12797 Уязвимость языка программирования Go, связанная с неограниченным распределением ресурсов, позволяющая нарушителю вызвать отказ в обслуживании	CVSS3: 5.3	0% Низкий	5 месяцев назад
openSUSE-SU-2025:20073-1 Security update for alloy			около 2 месяцев назад
SUSE-SU-2025:4121-1 Security update for alloy			около 2 месяцев назад
ROS-20251124-04 Уязвимость golang-github-ulikunitz-xz	CVSS3: 5.3	0% Низкий	около 2 месяцев назад
openSUSE-SU-2025:20160-1 Security update for hauler			около 1 месяца назад
openSUSE-SU-2025:20117-1 Security update for trivy			около 2 месяцев назад

Уязвимостей на страницу