Bug 2407258 (CVE-2025-58183) - CVE-2025-58183 golang: archive/tar: Unbounded allocation when parsing GNU sparse map
Summary: CVE-2025-58183 golang: archive/tar: Unbounded allocation when parsing GNU spa...
Keywords:
Status: NEW
Alias: CVE-2025-58183
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2408921 2408923 2408925 2408927 2412476 2412478 2412479 2412481 2412482 2412483 2412485 2412487 2412488 2412489 2412490 2412494 2412497 2412498 2412499 2412584 2412585 2412586 2412591 2412592 2412594 2412595 2412597 2412598 2412602 2412603 2412604 2412606 2412607 2412608 2412609 2412610 2412612 2412666 2412670 2412673 2412674 2412675 2412679 2412680 2412683 2412685 2412686 2412687 2412690 2412691 2412692 2412693 2412694 2412696 2412697 2412698 2412700 2412701 2412702 2412703 2412704 2412705 2412707 2412708 2412709 2412710 2412711 2412712 2412713 2412745 2412746 2412748 2412749 2412752 2412753 2412754 2412755 2412759 2412760 2412763 2412765 2412766 2412767 2412768 2412769 2412770 2412771 2412772 2412773 2412774 2412775 2412776 2412777 2412778 2412779 2412781 2412782 2412783 2412784 2412785 2412786 2412787 2412789 2412790 2412791 2412792 2412794 2412795 2412796 2412798 2412799 2412800 2412801 2412806 2412807 2412808 2412810 2412811 2412813 2412814 2412815 2412819 2412820 2412821 2412822 2412823 2412824 2412826 2412850 2412853 2408915 2408917 2408919 2412477 2412480 2412484 2412486 2412491 2412492 2412493 2412495 2412496 2412509 2412510 2412511 2412513 2412514 2412515 2412516 2412517 2412518 2412519 2412520 2412521 2412522 2412523 2412524 2412525 2412526 2412527 2412528 2412529 2412530 2412531 2412532 2412533 2412534 2412535 2412536 2412537 2412538 2412539 2412540 2412541 2412542 2412543 2412544 2412545 2412546 2412547 2412548 2412549 2412550 2412551 2412552 2412553 2412554 2412555 2412556 2412557 2412558 2412559 2412560 2412561 2412562 2412563 2412564 2412565 2412566 2412567 2412568 2412569 2412570 2412571 2412572 2412573 2412574 2412575 2412576 2412577 2412578 2412579 2412580 2412581 2412582 2412583 2412587 2412588 2412589 2412590 2412593 2412596 2412599 2412600 2412601 2412605 2412611 2412613 2412647 2412653 2412654 2412656 2412657 2412658 2412659 2412660 2412661 2412662 2412663 2412664 2412665 2412667 2412668 2412669 2412671 2412672 2412676 2412677 2412678 2412681 2412682 2412684 2412688 2412689 2412699 2412706 2412744 2412747 2412750 2412751 2412756 2412757 2412758 2412761 2412762 2412764 2412780 2412788 2412797 2412802 2412803 2412804 2412805 2412809 2412812 2412816 2412817 2412818 2412825 2412848
Blocks:
TreeView+ depends on / blocked
 
Reported: 2025-10-29 23:02 UTC by OSIDB Bzimport
Modified: 2026-01-27 16:26 UTC (History)
100 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2025:21778 0 None None None 2025-11-20 00:28:09 UTC
Red Hat Product Errata RHSA-2025:21779 0 None None None 2025-11-20 00:17:10 UTC
Red Hat Product Errata RHSA-2025:21815 0 None None None 2025-11-20 06:28:42 UTC
Red Hat Product Errata RHSA-2025:21816 0 None None None 2025-11-20 06:19:04 UTC
Red Hat Product Errata RHSA-2025:21856 0 None None None 2025-11-20 15:42:55 UTC
Red Hat Product Errata RHSA-2025:21964 0 None None None 2025-11-24 14:54:59 UTC
Red Hat Product Errata RHSA-2025:22011 0 None None None 2025-11-25 05:17:12 UTC
Red Hat Product Errata RHSA-2025:22012 0 None None None 2025-11-25 04:58:44 UTC
Red Hat Product Errata RHSA-2025:22030 0 None None None 2025-11-25 07:55:08 UTC
Red Hat Product Errata RHSA-2025:22181 0 None None None 2025-11-26 15:02:10 UTC
Red Hat Product Errata RHSA-2025:22255 0 None None None 2025-12-02 14:39:34 UTC
Red Hat Product Errata RHSA-2025:22668 0 None None None 2025-12-03 14:49:34 UTC
Red Hat Product Errata RHSA-2025:22899 0 None None None 2025-12-09 08:00:25 UTC
Red Hat Product Errata RHSA-2025:23001 0 None None None 2025-12-10 00:31:33 UTC
Red Hat Product Errata RHSA-2025:23002 0 None None None 2025-12-10 01:06:09 UTC
Red Hat Product Errata RHSA-2025:23087 0 None None None 2025-12-11 00:54:19 UTC
Red Hat Product Errata RHSA-2025:23088 0 None None None 2025-12-11 00:25:41 UTC
Red Hat Product Errata RHSA-2025:23294 0 None None None 2025-12-18 10:04:52 UTC
Red Hat Product Errata RHSA-2025:23295 0 None None None 2025-12-18 10:05:01 UTC
Red Hat Product Errata RHSA-2025:23325 0 None None None 2025-12-18 12:21:52 UTC
Red Hat Product Errata RHSA-2025:23326 0 None None None 2025-12-18 12:22:07 UTC
Red Hat Product Errata RHSA-2025:23347 0 None None None 2025-12-18 10:03:14 UTC
Red Hat Product Errata RHSA-2025:23348 0 None None None 2025-12-18 10:04:03 UTC
Red Hat Product Errata RHSA-2025:23374 0 None None None 2025-12-18 11:56:39 UTC
Red Hat Product Errata RHSA-2025:23394 0 None None None 2025-12-18 12:12:08 UTC
Red Hat Product Errata RHSA-2025:23733 0 None None None 2025-12-22 01:30:08 UTC
Red Hat Product Errata RHSA-2025:23736 0 None None None 2025-12-22 01:26:26 UTC
Red Hat Product Errata RHSA-2025:23737 0 None None None 2025-12-22 01:38:40 UTC
Red Hat Product Errata RHSA-2025:23740 0 None None None 2025-12-22 01:16:38 UTC
Red Hat Product Errata RHSA-2025:23741 0 None None None 2025-12-22 01:31:45 UTC
Red Hat Product Errata RHSA-2025:23746 0 None None None 2025-12-22 01:36:16 UTC
Red Hat Product Errata RHSA-2025:23747 0 None None None 2025-12-22 01:38:18 UTC
Red Hat Product Errata RHSA-2025:23948 0 None None None 2025-12-22 17:01:34 UTC
Red Hat Product Errata RHSA-2026:0226 0 None None None 2026-01-07 12:40:25 UTC
Red Hat Product Errata RHSA-2026:0227 0 None None None 2026-01-07 11:29:07 UTC
Red Hat Product Errata RHSA-2026:0243 0 None None None 2026-01-07 14:40:29 UTC
Red Hat Product Errata RHSA-2026:0244 0 None None None 2026-01-07 14:36:05 UTC
Red Hat Product Errata RHSA-2026:0245 0 None None None 2026-01-07 14:41:54 UTC
Red Hat Product Errata RHSA-2026:0246 0 None None None 2026-01-07 14:41:23 UTC
Red Hat Product Errata RHSA-2026:0314 0 None None None 2026-01-08 11:31:29 UTC
Red Hat Product Errata RHSA-2026:0424 0 None None None 2026-01-12 02:16:04 UTC
Red Hat Product Errata RHSA-2026:0426 0 None None None 2026-01-12 03:25:27 UTC
Red Hat Product Errata RHSA-2026:0477 0 None None None 2026-01-12 19:57:19 UTC
Red Hat Product Errata RHSA-2026:0973 0 None None None 2026-01-22 05:29:31 UTC
Red Hat Product Errata RHSA-2026:0987 0 None None None 2026-01-22 11:26:52 UTC
Red Hat Product Errata RHSA-2026:1025 0 None None None 2026-01-22 16:41:06 UTC
Red Hat Product Errata RHSA-2026:1377 0 None None None 2026-01-27 16:26:00 UTC
Red Hat Product Errata RHSA-2026:1378 0 None None None 2026-01-27 15:33:11 UTC
Red Hat Product Errata RHSA-2026:1379 0 None None None 2026-01-27 16:05:10 UTC
Red Hat Product Errata RHSA-2026:1380 0 None None None 2026-01-27 15:55:49 UTC
Red Hat Product Errata RHSA-2026:1381 0 None None None 2026-01-27 16:22:48 UTC

Description OSIDB Bzimport 2025-10-29 23:02:14 UTC 
tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large allocations.
Comment 2 errata-xmlrpc 2025-11-20 00:17:03 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10.0 Extended Update Support

Via RHSA-2025:21779 https://access.redhat.com/errata/RHSA-2025:21779
Comment 3 errata-xmlrpc 2025-11-20 00:28:02 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.6 Extended Update Support

Via RHSA-2025:21778 https://access.redhat.com/errata/RHSA-2025:21778
Comment 4 errata-xmlrpc 2025-11-20 06:18:57 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2025:21816 https://access.redhat.com/errata/RHSA-2025:21816
Comment 5 errata-xmlrpc 2025-11-20 06:28:35 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:21815 https://access.redhat.com/errata/RHSA-2025:21815
Comment 6 errata-xmlrpc 2025-11-20 15:42:48 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2025:21856 https://access.redhat.com/errata/RHSA-2025:21856
Comment 7 errata-xmlrpc 2025-11-24 14:54:51 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.6 Extended Update Support

Via RHSA-2025:21964 https://access.redhat.com/errata/RHSA-2025:21964
Comment 8 errata-xmlrpc 2025-11-25 04:58:37 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2025:22012 https://access.redhat.com/errata/RHSA-2025:22012
Comment 9 errata-xmlrpc 2025-11-25 05:17:05 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:22011 https://access.redhat.com/errata/RHSA-2025:22011
Comment 10 errata-xmlrpc 2025-11-25 07:55:01 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.6 Extended Update Support

Via RHSA-2025:22030 https://access.redhat.com/errata/RHSA-2025:22030
Comment 11 errata-xmlrpc 2025-11-26 15:02:02 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions

Via RHSA-2025:22181 https://access.redhat.com/errata/RHSA-2025:22181
Comment 12 errata-xmlrpc 2025-12-02 14:39:27 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.20

Via RHSA-2025:22255 https://access.redhat.com/errata/RHSA-2025:22255
Comment 13 errata-xmlrpc 2025-12-03 14:49:26 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2025:22668 https://access.redhat.com/errata/RHSA-2025:22668
Comment 14 errata-xmlrpc 2025-12-09 08:00:18 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2025:22899 https://access.redhat.com/errata/RHSA-2025:22899
Comment 15 errata-xmlrpc 2025-12-10 00:31:26 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10.0 Extended Update Support

Via RHSA-2025:23001 https://access.redhat.com/errata/RHSA-2025:23001
Comment 16 errata-xmlrpc 2025-12-10 01:06:02 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.6 Extended Update Support

Via RHSA-2025:23002 https://access.redhat.com/errata/RHSA-2025:23002
Comment 17 errata-xmlrpc 2025-12-11 00:25:34 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2025:23088 https://access.redhat.com/errata/RHSA-2025:23088
Comment 18 errata-xmlrpc 2025-12-11 00:54:11 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:23087 https://access.redhat.com/errata/RHSA-2025:23087
Comment 19 errata-xmlrpc 2025-12-18 10:03:08 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10.0 Extended Update Support

Via RHSA-2025:23347 https://access.redhat.com/errata/RHSA-2025:23347
Comment 20 errata-xmlrpc 2025-12-18 10:03:56 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10.0 Extended Update Support

Via RHSA-2025:23348 https://access.redhat.com/errata/RHSA-2025:23348
Comment 21 errata-xmlrpc 2025-12-18 10:04:45 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2025:23294 https://access.redhat.com/errata/RHSA-2025:23294
Comment 22 errata-xmlrpc 2025-12-18 10:04:50 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2025:23295 https://access.redhat.com/errata/RHSA-2025:23295
Comment 23 errata-xmlrpc 2025-12-18 11:56:32 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2025:23374 https://access.redhat.com/errata/RHSA-2025:23374
Comment 24 errata-xmlrpc 2025-12-18 12:12:01 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.6 Extended Update Support

Via RHSA-2025:23394 https://access.redhat.com/errata/RHSA-2025:23394
Comment 25 errata-xmlrpc 2025-12-18 12:21:45 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:23325 https://access.redhat.com/errata/RHSA-2025:23325
Comment 26 errata-xmlrpc 2025-12-18 12:22:00 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:23326 https://access.redhat.com/errata/RHSA-2025:23326
Comment 27 errata-xmlrpc 2025-12-22 01:16:30 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support

Via RHSA-2025:23740 https://access.redhat.com/errata/RHSA-2025:23740
Comment 28 errata-xmlrpc 2025-12-22 01:26:19 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2025:23736 https://access.redhat.com/errata/RHSA-2025:23736
Comment 29 errata-xmlrpc 2025-12-22 01:30:01 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Via RHSA-2025:23733 https://access.redhat.com/errata/RHSA-2025:23733
Comment 30 errata-xmlrpc 2025-12-22 01:31:37 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On

Via RHSA-2025:23741 https://access.redhat.com/errata/RHSA-2025:23741
Comment 31 errata-xmlrpc 2025-12-22 01:36:09 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2025:23746 https://access.redhat.com/errata/RHSA-2025:23746
Comment 32 errata-xmlrpc 2025-12-22 01:38:10 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions

Via RHSA-2025:23747 https://access.redhat.com/errata/RHSA-2025:23747
Comment 33 errata-xmlrpc 2025-12-22 01:38:32 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.8 Telecommunications Update Service

Via RHSA-2025:23737 https://access.redhat.com/errata/RHSA-2025:23737
Comment 35 errata-xmlrpc 2025-12-22 17:01:27 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2025:23948 https://access.redhat.com/errata/RHSA-2025:23948
Comment 36 errata-xmlrpc 2026-01-07 11:28:59 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2026:0227 https://access.redhat.com/errata/RHSA-2026:0227
Comment 37 errata-xmlrpc 2026-01-07 12:40:17 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2026:0226 https://access.redhat.com/errata/RHSA-2026:0226
Comment 38 errata-xmlrpc 2026-01-07 14:35:58 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support

Via RHSA-2026:0244 https://access.redhat.com/errata/RHSA-2026:0244
Comment 39 errata-xmlrpc 2026-01-07 14:40:21 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On

Via RHSA-2026:0243 https://access.redhat.com/errata/RHSA-2026:0243
Comment 40 errata-xmlrpc 2026-01-07 14:41:16 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Via RHSA-2026:0246 https://access.redhat.com/errata/RHSA-2026:0246
Comment 41 errata-xmlrpc 2026-01-07 14:41:47 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.8 Telecommunications Update Service

Via RHSA-2026:0245 https://access.redhat.com/errata/RHSA-2026:0245
Comment 42 errata-xmlrpc 2026-01-08 11:31:21 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions

Via RHSA-2026:0314 https://access.redhat.com/errata/RHSA-2026:0314
Comment 43 errata-xmlrpc 2026-01-12 02:15:58 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2026:0424 https://access.redhat.com/errata/RHSA-2026:0424
Comment 44 errata-xmlrpc 2026-01-12 03:25:20 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2026:0426 https://access.redhat.com/errata/RHSA-2026:0426
Comment 45 errata-xmlrpc 2026-01-12 19:57:11 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2026:0477 https://access.redhat.com/errata/RHSA-2026:0477
Comment 46 errata-xmlrpc 2026-01-22 05:29:24 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.8 Telecommunications Update Service

Via RHSA-2026:0973 https://access.redhat.com/errata/RHSA-2026:0973
Comment 47 errata-xmlrpc 2026-01-22 11:26:44 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On

Via RHSA-2026:0987 https://access.redhat.com/errata/RHSA-2026:0987
Comment 48 errata-xmlrpc 2026-01-22 16:40:59 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Via RHSA-2026:1025 https://access.redhat.com/errata/RHSA-2026:1025
Comment 49 errata-xmlrpc 2026-01-27 15:33:04 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10.0 Extended Update Support

Via RHSA-2026:1378 https://access.redhat.com/errata/RHSA-2026:1378
Comment 50 errata-xmlrpc 2026-01-27 15:55:42 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2026:1380 https://access.redhat.com/errata/RHSA-2026:1380
Comment 51 errata-xmlrpc 2026-01-27 16:05:03 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.6 Extended Update Support

Via RHSA-2026:1379 https://access.redhat.com/errata/RHSA-2026:1379
Comment 52 errata-xmlrpc 2026-01-27 16:22:41 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:1381 https://access.redhat.com/errata/RHSA-2026:1381
Comment 53 errata-xmlrpc 2026-01-27 16:25:53 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:1377 https://access.redhat.com/errata/RHSA-2026:1377
Note You need to log in before you can comment on or make changes to this bug.