Bug 2403068 (CVE-2025-11579)
| Field | Value |
|---|---|
| Summary | CVE-2025-11579 github.com/nwaples/rardecode: RarDecode Out Of Memory Crash |
| Product | [Other] Security Response |
| Component | vulnerability |
| Status | NEW |
| Severity | medium |
| Priority | medium |
| Version | unspecified |
| Hardware | All |
| OS | Linux |
| Reporter | OSIDB Bzimport <bzimport> |
| Assignee | Product Security DevOps Team <prodsec-dev> |
| CC | brainfor, dhanak, drosa, dsimansk, kingland, kverlaen, ldai, lsharar, lucarval, matzew, mnovotny, sausingh |
| Keywords | Security |

Doc Text:
A memory exhaustion flaw has been discovered in the Go RarDecode library (github.com/nwaples/rardecode). Affected versions did not limit the size of an archive, so an attacker could provide a crafted archive to a tool or service built on RarDecode, which might then consume more memory than is available. This would lead to a program crash.

Bug Depends On: 2403133, 2403134, 2403135, 2403136, 2403137, 2403138, 2403139, 2403140, 2403141, 2403142, 2403143, 2403144, 2403145, 2403146, 2403147, 2403148, 2403149, 2403150, 2403151, 2403152, 2403153, 2403154, 2403155

Description
OSIDB Bzimport
2025-10-10 12:01:51 UTC