Go Standard Library Archive Tar vulnerabilities
3 known vulnerabilities affecting go_standard_library/archive_tar.
Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2026-32288MEDIUMCVSS 5.5fixed in 1.25.9≥ 1.26.0-0, < 1.26.22026-04-08
CVE-2026-32288 [MEDIUM] CVE-2026-32288: tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive con
tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of sparse regions encoded in the "old GNU sparse map" format.
cvelistv5nvd
CVE-2025-58183MEDIUMCVSS 4.3fixed in 1.24.8≥ 1.25.0, < 1.25.22025-10-29
CVE-2025-58183 [MEDIUM] CVE-2025-58183: tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0
tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large a
cvelistv5nvd
CVE-2022-2879HIGHCVSS 7.5fixed in 1.18.7≥ 1.19.0-0, < 1.19.22022-10-14
CVE-2022-2879 [HIGH] CWE-770 CVE-2022-2879: Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive
Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics. After fix, Reader.Read limits the maximum size of header blocks to 1 MiB.
cvelistv5nvd