INFSA-2025:21815: delve and golang security update
Information about definition
Identificator: INFSA-2025:21815
Type: security
Release date: 2025-12-07 23:07:26 UTC
Information about package
Go is a high-level general purpose programming language that is statically typed and compiled. It is known for the simplicity of its syntax and the efficiency of development that it enables by the inclusion of a large standard library supplying many needs for common projects. It was designed at Google.
Vulnerabilities description
- CVE-2025-58183
A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go program to try to allocate a large amount of memory, causing an out-of-memory condition and resulting in a denial of service.
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
|
NIST — CVE-2025-58183
|
no information | 7.5 | no information |
Updated packages
Preparing to download...