Go Standard Library Archive Zip vulnerabilities

2 known vulnerabilities affecting go_standard_library/archive_zip.

Total CVEs

2

CISA KEV

0

Public exploits

0

Exploited in wild

0

Severity breakdown

MEDIUM2

Vulnerabilities

Page 1 of 1

CVE-2025-61728MEDIUMCVSS 6.5fixed in 1.24.12≥ 1.25.0, < 1.25.62026-01-28

CVE-2025-61728 [MEDIUM] CWE-770 CVE-2025-61728: archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file i archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive.

CVE-2024-24789MEDIUMCVSS 5.5fixed in 1.21.11≥ 1.22.0-0, < 1.22.42024-06-05

CVE-2024-24789 [MEDIUM] CVE-2024-24789: The archive/zip package's handling of certain types of invalid zip files differs from the behavior o The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects files containing these errors.