CVE-2025-58183
Published: 2025-10-29
Priority: P4 · 21 · medium
CVSS 3.1: 4.3 (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
EPSS: 0.42% (33.7th percentile)
tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large allocations.
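A caller-side guard for the condition described above, as an added example (not code from the Go project or from any advisory listed on this page): it caps how many decompressed bytes `tar.Reader` may pull from a gzip stream, so no internal parser can read an unbounded amount of archive data into memory. `budgetReader`, `ListEntries`, `SampleArchive` and the limits are hypothetical names and values, and the sample archive is constructed, benign test data.

```go
package main

import (
	"archive/tar"
	"bytes"
	"compress/gzip"
	"errors"
	"fmt"
	"io"
)

// ErrBudgetExceeded reports that the archive needed more decompressed input
// than the caller allowed.
var ErrBudgetExceeded = errors.New("tar: decompressed input budget exceeded")

// budgetReader (hypothetical helper) caps the total bytes tar.Reader may pull
// from the decompressed stream, whichever internal parser asks for them.
type budgetReader struct {
	r         io.Reader
	remaining int64
	failed    bool
}

func (b *budgetReader) Read(p []byte) (int, error) {
	if b.failed {
		return 0, ErrBudgetExceeded
	}
	if len(p) == 0 {
		return 0, nil
	}
	if b.remaining <= 0 {
		// Budget spent: a clean end of stream is fine, any further byte is not.
		var probe [1]byte
		n, err := b.r.Read(probe[:])
		if n > 0 {
			b.failed = true
			return 0, ErrBudgetExceeded
		}
		return 0, err
	}
	if int64(len(p)) > b.remaining {
		p = p[:b.remaining]
	}
	n, err := b.r.Read(p)
	b.remaining -= int64(n)
	return n, err
}

// ListEntries walks a gzip-compressed tar stream under two limits: a total
// decompressed-input budget and a per-entry declared-size cap. It returns the
// names of the entries that were read completely before any error.
func ListEntries(src io.Reader, maxDecompressed, maxEntry int64) ([]string, error) {
	zr, err := gzip.NewReader(src)
	if err != nil {
		return nil, err
	}
	defer zr.Close()
	tr := tar.NewReader(&budgetReader{r: zr, remaining: maxDecompressed})
	var names []string
	for {
		hdr, err := tr.Next()
		if errors.Is(err, io.EOF) {
			return names, nil
		}
		if err != nil {
			return names, err
		}
		if hdr.Size > maxEntry {
			return names, fmt.Errorf("%q: declared size %d exceeds per-entry cap %d",
				hdr.Name, hdr.Size, maxEntry)
		}
		if _, err := io.Copy(io.Discard, tr); err != nil {
			return names, err
		}
		names = append(names, hdr.Name)
	}
}

// SampleArchive builds a small, benign gzip-compressed tar in memory
// (constructed test data) and returns it with its decompressed length.
func SampleArchive() ([]byte, int64) {
	files := []struct {
		name string
		body []byte
	}{{"a.txt", []byte("hello, tar")}, {"b.bin", make([]byte, 4096)}}
	var raw, gz bytes.Buffer
	tw := tar.NewWriter(&raw)
	for _, f := range files {
		hdr := &tar.Header{Name: f.name, Typeflag: tar.TypeReg, Mode: 0644, Size: int64(len(f.body))}
		if err := tw.WriteHeader(hdr); err != nil {
			panic(err)
		}
		if _, err := tw.Write(f.body); err != nil {
			panic(err)
		}
	}
	if err := tw.Close(); err != nil {
		panic(err)
	}
	zw := gzip.NewWriter(&gz)
	if _, err := zw.Write(raw.Bytes()); err != nil {
		panic(err)
	}
	if err := zw.Close(); err != nil {
		panic(err)
	}
	return gz.Bytes(), int64(raw.Len())
}

func main() {
	gz, rawLen := SampleArchive()
	for _, budget := range []int64{1 << 20, rawLen, 1024} {
		names, err := ListEntries(bytes.NewReader(gz), budget, 1<<20)
		fmt.Printf("budget=%d entries=%v err=%v\n", budget, names, err)
	}
}
```

The budget applies to the decompressed stream, which is the quantity that matters when a small compressed input expands into large reads; building with a fixed toolchain from the table below remains the actual remediation.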
Affected
27 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | golang-1.15 | < golang-1.24 1.24.8-1 (forky) | golang-1.24 1.24.8-1 (forky) |
| debian | golang-1.19 | < golang-1.24 1.24.8-1 (forky) | golang-1.24 1.24.8-1 (forky) |
| debian | golang-1.24 | < golang-1.24 1.24.8-1 (forky) | golang-1.24 1.24.8-1 (forky) |
| debian | golang-1.25 | < golang-1.24 1.24.8-1 (forky) | golang-1.24 1.24.8-1 (forky) |
| github.com | opentofu_opentofu | >= 0 < 1.10.7 | 1.10.7 |
| go_standard_library | archive_tar | < 1.24.8 | 1.24.8 |
| go_standard_library | archive_tar | >= 1.25.0 < 1.25.2 | 1.25.2 |
| msrc | azl3_containerized-data-importer_1.57.0-16 | — | — |
| msrc | azl3_containerized-data-importer_1.57.0-17 | — | — |
| msrc | azl3_gcc_13.2.0-7 | — | — |
| msrc | azl3_gh_2.62.0-10 | — | — |
| msrc | azl3_gh_2.62.0-9 | — | — |
| msrc | azl3_golang_1.23.12-1 | — | — |
| msrc | azl3_golang_1.25.3-1 | — | — |
| msrc | azl3_golang_1.25.5-1 | — | — |
| msrc | azl3_golang_1.25.6-1 | — | — |
| msrc | azl3_golang_1.25.7-1 | — | — |
| msrc | azl3_golang_1.25.8-1 | — | — |
| msrc | azl3_golang_1.26.0-1 | — | — |
| msrc | azl3_libcontainers-common_20240213-3 | — | — |
| msrc | azl3_moby-engine_25.0.3-13 | — | — |
| msrc | azl3_moby-engine_25.0.3-14 | — | — |
| msrc | azl3_python-tensorboard_2.16.2-6 | — | — |
| msrc | azl3_skopeo_1.14.4-6 | — | — |
| msrc | azl3_skopeo_1.14.4-7 | — | — |
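CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L |
| ghsa | — | 4.3 | MEDIUM | — |
| osv | — | 4.3 | MEDIUM | — |
| vendor_msrc | — | 5.5 | MEDIUM | — |
| vendor_debian | — | 4.3 | MEDIUM | — |
| vendor_redhat | — | 4.3 | MEDIUM | — |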
GHSA
OpenTofu affected denials of service in "tofu init" with maliciously-crafted module package responses
ghsa · 2025-11-06 · CVSS 4.3 · MEDIUM · CWE-1395
### Impact
Unauthenticated denial of service.
### Summary
When installing module packages from attacker-controlled sources, `tofu init` may use unbounded memory, cause high CPU usage, or crash when encountering maliciously-crafted TLS certificate chains or tar archives.
Those who depend on modules or providers served from untrusted third-party servers may experience denial of service due to `tofu init` failing to complete successfully. In the case of unbounded memory usage or high CPU usage, other processes running on the same computer as OpenTofu may also fail or have their performance degraded due to the depletion of shared system resources.
These vulnerabilities **do not** permit
OSV
OpenTofu affected denials of service in "tofu init" with maliciously-crafted module package responses
osv · 2025-11-06 · CVSS 4.3 · MEDIUM
### Impact
Unauthenticated denial of service.
### Summary
When installing module packages from attacker-controlled sources, `tofu init` may use unbounded memory, cause high CPU usage, or crash when encountering maliciously-crafted TLS certificate chains or tar archives.
Those who depend on modules or providers served from untrusted third-party servers may experience denial of service due to `tofu init` failing to complete successfully. In the case of unbounded memory usage or high CPU usage, other processes running on the same computer as OpenTofu may also fail or have their performance degraded due to the depletion of shared system resources.
These vulnerabilities **do not** permit
GHSA
GHSA-9gcr-gp5f-jw27: tar
ghsa_unreviewed · 2025-10-30 · CVE-2025-58183 · LOW
tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large allocations.
OSV
CVE-2025-58183: tar
osv · 2025-10-29 · CVSS 4.3 · MEDIUM
tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large allocations.
OSV
Unbounded allocation when parsing GNU sparse map in archive/tar
osv · 2025-10-29 · CVE-2025-58183
tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large allocations.
Red Hat
golang: archive/tar: Unbounded allocation when parsing GNU sparse map
vendor_redhat · 2025-10-29 · CVSS 4.3 · MEDIUM · CWE-770
tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large allocations.
A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go program to try to allocate a large amount of memory, causing an
Microsoft
Unbounded allocation when parsing GNU sparse map in archive/tar
vendor_msrc · 2025-10-14 · CVSS 5.5 · MEDIUM
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.
Mariner: Mariner
Go: Go
Customer Action Required: Yes
Remediation: CBL-Mariner Releases
Reference: https://lea
Debian
CVE-2025-58183: golang-1.15 - tar.Reader does not set a maximum size on the number of sparse region data block...
vendor_debian · 2025 · CVSS 4.3 · MEDIUM
tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large allocations.
Scope: local
bullseye: open
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2025-58183 podman: Unbounded allocation when parsing GNU sparse map [fedora-43]
bugzilla · 2025-11-05 · CVSS 4.3 · MEDIUM
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Bugzilla
CVE-2025-58183 cri-o1.30: Unbounded allocation when parsing GNU sparse map [fedora-42]
bugzilla · 2025-11-05 · CVSS 4.3 · MEDIUM
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug r
Bugzilla
CVE-2025-58183 asnmap: Unbounded allocation when parsing GNU sparse map [fedora-42]
bugzilla · 2025-11-05 · CVSS 4.3 · MEDIUM
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug repo
Bugzilla
CVE-2025-58183 incus: Unbounded allocation when parsing GNU sparse map [fedora-43]
bugzilla · 2025-11-05 · CVSS 4.3 · MEDIUM
Discussion:
FEDORA-2026-5af38b7ecb (incus-6.23-1.fc43) has been submitted as an update to Fedora 43.
https://bodhi.fedoraproject.org/updates/FEDORA-2026-5af38b7ecb
---
FEDORA-2026-5af38b7ecb has been pushed to the
Bugzilla
CVE-2025-58183 reg: Unbounded allocation when parsing GNU sparse map [fedora-42]
bugzilla · 2025-11-05 · CVSS 4.3 · MEDIUM
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug reports
Bugzilla
CVE-2025-58183 golang-github-vmware-govmomi: Unbounded allocation when parsing GNU sparse map [fedora-42]
bugzilla · 2025-11-05 · CVSS 4.3 · MEDIUM
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy
Bugzilla
CVE-2025-58183 geoipupdate: Unbounded allocation when parsing GNU sparse map [fedora-42]
bugzilla · 2025-11-05 · CVSS 4.3 · MEDIUM
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug
Bugzilla
CVE-2025-58183 vhs: Unbounded allocation when parsing GNU sparse map [fedora-43]
bugzilla · 2025-11-05 · CVSS 4.3 · MEDIUM
Discussion:
FEDORA-2026-7646f2a691 (vhs-0.10.0-4.fc43) has been submitted as an update to Fedora 43.
https://bodhi.fedoraproject.org/updates/FEDORA-2026-7646f2a691
Bugzilla
CVE-2025-58183 golang-github-nats-io-streaming-server: Unbounded allocation when parsing GNU sparse map [fedora-42]
bugzilla · 2025-11-05 · CVSS 4.3 · MEDIUM
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedor
Bugzilla
CVE-2025-58183 stargz-snapshotter: Unbounded allocation when parsing GNU sparse map [fedora-42]
bugzilla · 2025-11-05 · CVSS 4.3 · MEDIUM
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close
Bugzilla
CVE-2025-58183 matterbridge: Unbounded allocation when parsing GNU sparse map [fedora-42]
bugzilla · 2025-11-05 · CVSS 4.3 · MEDIUM
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bu
Bugzilla
CVE-2025-58183 kubernetes1.29: Unbounded allocation when parsing GNU sparse map [fedora-42]
bugzilla · 2025-11-05 · CVSS 4.3 · MEDIUM
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all
Bugzilla
CVE-2025-58183 golang-google-appengine: Unbounded allocation when parsing GNU sparse map [fedora-42]
bugzilla · 2025-11-05 · CVSS 4.3 · MEDIUM
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to c
Bugzilla
CVE-2025-58183 deepin-daemon: Unbounded allocation when parsing GNU sparse map [fedora-42]
bugzilla · 2025-11-05 · CVSS 4.3 · MEDIUM
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all b
Bugzilla
CVE-2025-58183 golang-github-task: Unbounded allocation when parsing GNU sparse map [fedora-42]
bugzilla · 2025-11-05 · CVSS 4.3 · MEDIUM
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close
Bugzilla
CVE-2025-58183 vhs: Unbounded allocation when parsing GNU sparse map [fedora-42]
bugzilla · 2025-11-05 · CVSS 4.3 · MEDIUM
Discussion:
FEDORA-2026-795b0d0367 (vhs-0.9.0-2.fc42) has been submitted as an update to Fedora 42.
https://bodhi.fedoraproject.org/updates/FEDORA-2026-795b0d0367
Bugzilla
CVE-2025-58183 golang-github-pgaskin-koboutils: Unbounded allocation when parsing GNU sparse map [fedora-42]
bugzilla · 2025-11-05 · CVSS 4.3 · MEDIUM
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's pol
Bugzilla
CVE-2025-58183 golang-github-git-5: Unbounded allocation when parsing GNU sparse map [fedora-42]
bugzilla · 2025-11-05 · CVSS 4.3 · MEDIUM
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close
Bugzilla
CVE-2025-58183 osbuild-composer: Unbounded allocation when parsing GNU sparse map [fedora-42]
bugzilla · 2025-11-05 · CVSS 4.3 · MEDIUM
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close al
Bugzilla
CVE-2025-58183 trivy: Unbounded allocation when parsing GNU sparse map [fedora-43]
bugzilla · 2025-11-05 · CVSS 4.3 · MEDIUM
Discussion:
FEDORA-2026-868e266938 (trivy-0.69.3-1.fc43) has been submitted as an update to Fedora 43.
https://bodhi.fedoraproject.org/updates/FEDORA-2026-868e266938
---
FEDORA-2026-868e266938 has been pushed to th
Bugzilla
CVE-2025-58183 tailscale: Unbounded allocation when parsing GNU sparse map [fedora-43]
bugzilla · 2025-11-05 · CVSS 4.3 · MEDIUM
Bugzilla
CVE-2025-58183 opentofu: Unbounded allocation when parsing GNU sparse map [fedora-42]
bugzilla · 2025-11-05 · CVSS 4.3 · MEDIUM
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug re
Bugzilla
CVE-2025-58183 cri-o: Unbounded allocation when parsing GNU sparse map [fedora-42]
bugzilla · 2025-11-05 · CVSS 4.3 · MEDIUM
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug repor
Bugzilla
CVE-2025-58183 hut: Unbounded allocation when parsing GNU sparse map [fedora-43]
bugzilla·2025-11-05·CVSS 4.3
CVE-2025-58183 [MEDIUM] CVE-2025-58183 hut: Unbounded allocation when parsing GNU sparse map [fedora-43]
Discussion:
FEDORA-2026-ed208f5337 (hut-0.8.0-1.fc44) has been submitted as an update to Fedora 44.
https://bodhi.fedoraproject.org/updates/FEDORA-2026-ed208f5337
---
FEDORA-2026-32113d4817 (hut-0.8.0-1.fc43) has bee
Bugzilla
CVE-2025-58183 docker-distribution: Unbounded allocation when parsing GNU sparse map [fedora-42]
bugzilla·2025-11-05·CVSS 4.3
CVE-2025-58183 [MEDIUM] CVE-2025-58183 docker-distribution: Unbounded allocation when parsing GNU sparse map [fedora-42]
Discussion:
golang fixed since v1.25.2
Bugzilla
CVE-2025-58183 kitty: Unbounded allocation when parsing GNU sparse map [fedora-42]
bugzilla·2025-11-05·CVSS 4.3
CVE-2025-58183 [MEDIUM] CVE-2025-58183 kitty: Unbounded allocation when parsing GNU sparse map [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug repor
Bugzilla
CVE-2025-58183 terrier: Unbounded allocation when parsing GNU sparse map [fedora-42]
bugzilla·2025-11-05·CVSS 4.3
CVE-2025-58183 [MEDIUM] CVE-2025-58183 terrier: Unbounded allocation when parsing GNU sparse map [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug rep
Bugzilla
CVE-2025-58183 clash-meta: Unbounded allocation when parsing GNU sparse map [fedora-42]
bugzilla·2025-11-05·CVSS 4.3
CVE-2025-58183 [MEDIUM] CVE-2025-58183 clash-meta: Unbounded allocation when parsing GNU sparse map [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug
Bugzilla
CVE-2025-58183 grafana: Unbounded allocation when parsing GNU sparse map [fedora-42]
bugzilla·2025-11-05·CVSS 4.3
CVE-2025-58183 [MEDIUM] CVE-2025-58183 grafana: Unbounded allocation when parsing GNU sparse map [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug rep
Bugzilla
CVE-2025-58183 buildah: Unbounded allocation when parsing GNU sparse map [fedora-42]
bugzilla·2025-11-05·CVSS 4.3
CVE-2025-58183 [MEDIUM] CVE-2025-58183 buildah: Unbounded allocation when parsing GNU sparse map [fedora-42]
Discussion:
FEDORA-2025-3ccd4113df (buildah-1.42.0-3.fc42) has been submitted as an update to Fedora 42.
https://bodhi.fedoraproject.org/updates/FEDORA-2025-3ccd4113df
---
FEDORA-2025-8a248ee4f4 has been pushed t
Bugzilla
CVE-2025-58183 trayscale: Unbounded allocation when parsing GNU sparse map [fedora-43]
bugzilla·2025-11-05·CVSS 4.3
CVE-2025-58183 [MEDIUM] CVE-2025-58183 trayscale: Unbounded allocation when parsing GNU sparse map [fedora-43]
Bugzilla
CVE-2025-58183 helm: Unbounded allocation when parsing GNU sparse map [fedora-42]
bugzilla·2025-11-05·CVSS 4.3
CVE-2025-58183 [MEDIUM] CVE-2025-58183 helm: Unbounded allocation when parsing GNU sparse map [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug report
Bugzilla
CVE-2025-58183 cri-o1.29: Unbounded allocation when parsing GNU sparse map [fedora-42]
bugzilla·2025-11-05·CVSS 4.3
CVE-2025-58183 [MEDIUM] CVE-2025-58183 cri-o1.29: Unbounded allocation when parsing GNU sparse map [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug r
Bugzilla
CVE-2025-58183 kubernetes1.30: Unbounded allocation when parsing GNU sparse map [fedora-42]
bugzilla·2025-11-05·CVSS 4.3
CVE-2025-58183 [MEDIUM] CVE-2025-58183 kubernetes1.30: Unbounded allocation when parsing GNU sparse map [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all
Bugzilla
CVE-2025-58183 golang-oras: Unbounded allocation when parsing GNU sparse map [fedora-42]
bugzilla·2025-11-05·CVSS 4.3
CVE-2025-58183 [MEDIUM] CVE-2025-58183 golang-oras: Unbounded allocation when parsing GNU sparse map [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug
Bugzilla
CVE-2025-58183 podman: Unbounded allocation when parsing GNU sparse map [fedora-42]
bugzilla·2025-11-05·CVSS 4.3
CVE-2025-58183 [MEDIUM] CVE-2025-58183 podman: Unbounded allocation when parsing GNU sparse map [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug repo
Bugzilla
CVE-2025-58183 nats-server: Unbounded allocation when parsing GNU sparse map [fedora-42]
bugzilla·2025-11-05·CVSS 4.3
CVE-2025-58183 [MEDIUM] CVE-2025-58183 nats-server: Unbounded allocation when parsing GNU sparse map [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug
Bugzilla
CVE-2025-58183 golang-github-facebookincubator-go2chef: Unbounded allocation when parsing GNU sparse map [fedora-42]
bugzilla·2025-11-05·CVSS 4.3
CVE-2025-58183 [MEDIUM] CVE-2025-58183 golang-github-facebookincubator-go2chef: Unbounded allocation when parsing GNU sparse map [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedo
Bugzilla
CVE-2025-58183 gphotosdl: Unbounded allocation when parsing GNU sparse map [fedora-42]
bugzilla·2025-11-05·CVSS 4.3
CVE-2025-58183 [MEDIUM] CVE-2025-58183 gphotosdl: Unbounded allocation when parsing GNU sparse map [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug r
Bugzilla
CVE-2025-58183 cri-o1.31: Unbounded allocation when parsing GNU sparse map [fedora-42]
bugzilla·2025-11-05·CVSS 4.3
CVE-2025-58183 [MEDIUM] CVE-2025-58183 cri-o1.31: Unbounded allocation when parsing GNU sparse map [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug r
Bugzilla
CVE-2025-58183 dnsx: Unbounded allocation when parsing GNU sparse map [fedora-42]
bugzilla·2025-11-05·CVSS 4.3
CVE-2025-58183 [MEDIUM] CVE-2025-58183 dnsx: Unbounded allocation when parsing GNU sparse map [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug report
Bugzilla
CVE-2025-58183 kata-containers: Unbounded allocation when parsing GNU sparse map [fedora-42]
bugzilla·2025-11-05·CVSS 4.3
CVE-2025-58183 [MEDIUM] CVE-2025-58183 kata-containers: Unbounded allocation when parsing GNU sparse map [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all
Bugzilla
CVE-2025-58183 incus: Unbounded allocation when parsing GNU sparse map [fedora-42]
bugzilla·2025-11-05·CVSS 4.3
CVE-2025-58183 [MEDIUM] CVE-2025-58183 incus: Unbounded allocation when parsing GNU sparse map [fedora-42]
Discussion:
FEDORA-2026-a9017d0297 (incus-6.23-1.fc42) has been submitted as an update to Fedora 42.
https://bodhi.fedoraproject.org/updates/FEDORA-2026-a9017d0297
---
FEDORA-2026-a9017d0297 has been pushed to the
Bugzilla
CVE-2025-58183 image-builder: Unbounded allocation when parsing GNU sparse map [fedora-42]
bugzilla·2025-11-05·CVSS 4.3
CVE-2025-58183 [MEDIUM] CVE-2025-58183 image-builder: Unbounded allocation when parsing GNU sparse map [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all b
Bugzilla
CVE-2025-58183 ollama: Unbounded allocation when parsing GNU sparse map [fedora-42]
bugzilla·2025-11-05·CVSS 4.3
CVE-2025-58183 [MEDIUM] CVE-2025-58183 ollama: Unbounded allocation when parsing GNU sparse map [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug repo
Bugzilla
CVE-2025-58183 snapd: Unbounded allocation when parsing GNU sparse map [fedora-42]
bugzilla·2025-11-05·CVSS 4.3
CVE-2025-58183 [MEDIUM] CVE-2025-58183 snapd: Unbounded allocation when parsing GNU sparse map [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug repor
Bugzilla
CVE-2025-58183 exercism: Unbounded allocation when parsing GNU sparse map [fedora-42]
bugzilla·2025-11-05·CVSS 4.3
CVE-2025-58183 [MEDIUM] CVE-2025-58183 exercism: Unbounded allocation when parsing GNU sparse map [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug re
Bugzilla
CVE-2025-58183 golang-github-jsonnet-bundler: Unbounded allocation when parsing GNU sparse map [fedora-42]
bugzilla·2025-11-05·CVSS 4.3
CVE-2025-58183 [MEDIUM] CVE-2025-58183 golang-github-jsonnet-bundler: Unbounded allocation when parsing GNU sparse map [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's polic
Bugzilla
CVE-2025-58183 hut: Unbounded allocation when parsing GNU sparse map [fedora-42]
bugzilla·2025-11-05·CVSS 4.3
CVE-2025-58183 [MEDIUM] CVE-2025-58183 hut: Unbounded allocation when parsing GNU sparse map [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug reports
Bugzilla
CVE-2025-58183 golang-github-vbatts-tar-split: Unbounded allocation when parsing GNU sparse map [fedora-42]
bugzilla·2025-11-05·CVSS 4.3
CVE-2025-58183 [MEDIUM] CVE-2025-58183 golang-github-vbatts-tar-split: Unbounded allocation when parsing GNU sparse map [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's poli
Bugzilla
CVE-2025-58183 transifex-client: Unbounded allocation when parsing GNU sparse map [fedora-42]
bugzilla·2025-11-05·CVSS 4.3
CVE-2025-58183 [MEDIUM] CVE-2025-58183 transifex-client: Unbounded allocation when parsing GNU sparse map [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close al
Bugzilla
CVE-2025-58183 syncthing: Unbounded allocation when parsing GNU sparse map [fedora-42]
bugzilla·2025-11-05·CVSS 4.3
CVE-2025-58183 [MEDIUM] CVE-2025-58183 syncthing: Unbounded allocation when parsing GNU sparse map [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug r
Bugzilla
CVE-2025-58183 golang-github-mholt-archiver: Unbounded allocation when parsing GNU sparse map [fedora-42]
bugzilla·2025-11-05·CVSS 4.3
CVE-2025-58183 [MEDIUM] CVE-2025-58183 golang-github-mholt-archiver: Unbounded allocation when parsing GNU sparse map [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy
Bugzilla
CVE-2025-58183 gitleaks: Unbounded allocation when parsing GNU sparse map [fedora-42]
bugzilla·2025-11-05·CVSS 4.3
CVE-2025-58183 [MEDIUM] CVE-2025-58183 gitleaks: Unbounded allocation when parsing GNU sparse map [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug re
Bugzilla
CVE-2025-58183 golang-github-francoispqt-gojay: Unbounded allocation when parsing GNU sparse map [fedora-42]
bugzilla·2025-11-05·CVSS 4.3
CVE-2025-58183 [MEDIUM] CVE-2025-58183 golang-github-francoispqt-gojay: Unbounded allocation when parsing GNU sparse map [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's pol
Bugzilla
CVE-2025-58183 google-osconfig-agent: Unbounded allocation when parsing GNU sparse map [fedora-42]
bugzilla·2025-11-05·CVSS 4.3
CVE-2025-58183 [MEDIUM] CVE-2025-58183 google-osconfig-agent: Unbounded allocation when parsing GNU sparse map [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to clo
Bugzilla
CVE-2025-58183 golang-github-moby-buildkit: Unbounded allocation when parsing GNU sparse map [fedora-42]
bugzilla·2025-11-05·CVSS 4.3
CVE-2025-58183 [MEDIUM] CVE-2025-58183 golang-github-moby-buildkit: Unbounded allocation when parsing GNU sparse map [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy
Bugzilla
CVE-2025-58183 source-to-image: Unbounded allocation when parsing GNU sparse map [fedora-42]
bugzilla·2025-11-05·CVSS 4.3
CVE-2025-58183 [MEDIUM] CVE-2025-58183 source-to-image: Unbounded allocation when parsing GNU sparse map [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all
Bugzilla
CVE-2025-58183 golang-github-distribution-3: Unbounded allocation when parsing GNU sparse map [fedora-42]
bugzilla·2025-11-05·CVSS 4.3
CVE-2025-58183 [MEDIUM] CVE-2025-58183 golang-github-distribution-3: Unbounded allocation when parsing GNU sparse map [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy
Bugzilla
CVE-2025-58183 forgejo: Unbounded allocation when parsing GNU sparse map [fedora-42]
bugzilla·2025-11-05·CVSS 4.3
CVE-2025-58183 [MEDIUM] CVE-2025-58183 forgejo: Unbounded allocation when parsing GNU sparse map [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug rep
Bugzilla
CVE-2025-58183 reposurgeon: Unbounded allocation when parsing GNU sparse map [fedora-42]
bugzilla·2025-11-05·CVSS 4.3
CVE-2025-58183 [MEDIUM] CVE-2025-58183 reposurgeon: Unbounded allocation when parsing GNU sparse map [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug
Bugzilla
CVE-2025-58183 docker-distribution: Unbounded allocation when parsing GNU sparse map [fedora-43]
bugzilla·2025-11-05·CVSS 4.3
CVE-2025-58183 [MEDIUM] CVE-2025-58183 docker-distribution: Unbounded allocation when parsing GNU sparse map [fedora-43]
Discussion:
golang fixed since v1.25.2
Bugzilla
CVE-2025-58183 golang-github-projectdiscovery-chaos-client: Unbounded allocation when parsing GNU sparse map [fedora-42]
bugzilla·2025-11-05·CVSS 4.3
CVE-2025-58183 [MEDIUM] CVE-2025-58183 golang-github-projectdiscovery-chaos-client: Unbounded allocation when parsing GNU sparse map [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is
Bugzilla
CVE-2025-58183 golang: archive/tar: Unbounded allocation when parsing GNU sparse map
bugzilla·2025-10-29·CVSS 4.3
CVE-2025-58183 [MEDIUM] CVE-2025-58183 golang: archive/tar: Unbounded allocation when parsing GNU sparse map
tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large allocations.
Discussion:
This issue has been addressed in the following products:
Red Hat Enterprise Linux 10.0 Extended Update Support
Via RHSA-2025:21779 https://access.redhat.com/errata/RHSA-2025:21779
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 9.6 Extended Update Support
Via RHSA-2025:21778 https://a
2025-10-29
Published