GCVE - cpe:2.3:a:go_standard_library:archive/tar:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:go_standard_library:archive/tar:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Go Standard Library (`50bc78d3-15d0-59a4-bc22-a964570e0614`)
Product	Archive/Tar (`e2f5b1b7-0d2d-508b-886d-fed1a31c45fc`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2026-32288`	vulnerable	2026-06-03 15:20:42.703541	Unbounded allocation for old GNU sparse in archive/tar tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of sparse regions encoded in the "old GNU sparse map" format. Published: 2026-04-08T01:06:57.416Z Updated: 2026-04-13T18:20:08.191Z Open on db.gcve.eu Reference links https://go.dev/cl/763766 https://go.dev/issue/78301 https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU https://pkg.go.dev/vuln/GO-2026-4869	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-58183`	vulnerable	2026-06-03 15:06:20.854890	Unbounded allocation when parsing GNU sparse map in archive/tar tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large allocations. Published: 2025-10-29T22:10:14.376Z Updated: 2025-11-04T21:13:32.834Z Open on db.gcve.eu Reference links https://go.dev/cl/709861 https://go.dev/issue/75677 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://pkg.go.dev/vuln/GO-2025-4014	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-2879`	vulnerable	2026-06-03 14:47:07.510911	Unbounded memory consumption when reading headers in archive/tar Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics. After fix, Reader.Read limits the maximum size of header blocks to 1 MiB. Published: 2022-10-14T00:00:00.000Z Updated: 2025-02-13T16:32:38.510Z Open on db.gcve.eu Reference links https://go.dev/issue/54853 https://go.dev/cl/439355 https://groups.google.com/g/golang-announce/c/xtuG5faxtaU https://pkg.go.dev/vuln/GO-2022-1037 https://security.gentoo.org/glsa/202311-09	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.