Bug 2434431 (CVE-2025-61728) - CVE-2025-61728 golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip
Status: NEW
Alias: CVE-2025-61728
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Product Security DevOps Team
Depends On: 2435516 2435979
Reported: 2026-01-28 20:02 UTC by OSIDB Bzimport
Modified: 2026-04-30 02:55 UTC

Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2026:12028 0 None None None 2026-04-30 02:55:23 UTC
Red Hat Product Errata RHSA-2026:2706 0 None None None 2026-02-16 09:35:52 UTC
Red Hat Product Errata RHSA-2026:2708 0 None None None 2026-02-16 09:59:49 UTC
Red Hat Product Errata RHSA-2026:2709 0 None None None 2026-02-16 10:27:47 UTC
Red Hat Product Errata RHSA-2026:2914 0 None None None 2026-02-18 11:26:33 UTC
Red Hat Product Errata RHSA-2026:2920 0 None None None 2026-02-18 12:49:40 UTC
Red Hat Product Errata RHSA-2026:3186 0 None None None 2026-02-26 02:56:49 UTC
Red Hat Product Errata RHSA-2026:3188 0 None None None 2026-02-24 11:37:02 UTC
Red Hat Product Errata RHSA-2026:3192 0 None None None 2026-02-24 11:31:44 UTC
Red Hat Product Errata RHSA-2026:3193 0 None None None 2026-02-24 11:54:47 UTC
Red Hat Product Errata RHSA-2026:3336 0 None None None 2026-02-25 11:23:42 UTC
Red Hat Product Errata RHSA-2026:3337 0 None None None 2026-02-25 11:42:01 UTC
Red Hat Product Errata RHSA-2026:3469 0 None None None 2026-03-02 01:29:28 UTC
Red Hat Product Errata RHSA-2026:3471 0 None None None 2026-03-02 01:30:04 UTC
Red Hat Product Errata RHSA-2026:3472 0 None None None 2026-03-02 01:22:59 UTC
Red Hat Product Errata RHSA-2026:3473 0 None None None 2026-03-02 01:20:24 UTC
Red Hat Product Errata RHSA-2026:3489 0 None None None 2026-03-02 02:49:18 UTC
Red Hat Product Errata RHSA-2026:3752 0 None None None 2026-03-04 15:24:53 UTC
Red Hat Product Errata RHSA-2026:3753 0 None None None 2026-03-04 15:43:20 UTC
Red Hat Product Errata RHSA-2026:3831 0 None None None 2026-03-05 07:45:59 UTC
Red Hat Product Errata RHSA-2026:3833 0 None None None 2026-03-05 08:16:31 UTC
Red Hat Product Errata RHSA-2026:3835 0 None None None 2026-03-05 08:50:13 UTC
Red Hat Product Errata RHSA-2026:3836 0 None None None 2026-03-05 08:56:33 UTC
Red Hat Product Errata RHSA-2026:3838 0 None None None 2026-03-05 09:35:19 UTC
Red Hat Product Errata RHSA-2026:3851 0 None None None 2026-03-11 05:14:34 UTC
Red Hat Product Errata RHSA-2026:3854 0 None None None 2026-03-05 11:04:38 UTC
Red Hat Product Errata RHSA-2026:3880 0 None None None 2026-03-05 12:14:56 UTC
Red Hat Product Errata RHSA-2026:4672 0 None None None 2026-03-17 03:45:31 UTC
Red Hat Product Errata RHSA-2026:7854 0 None None None 2026-04-13 12:42:36 UTC

Description OSIDB Bzimport 2026-01-28 20:02:02 UTC
archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive.

Comment 4 errata-xmlrpc 2026-02-16 09:35:46 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:2706 https://access.redhat.com/errata/RHSA-2026:2706

Comment 5 errata-xmlrpc 2026-02-16 09:59:45 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2026:2708 https://access.redhat.com/errata/RHSA-2026:2708

Comment 6 errata-xmlrpc 2026-02-16 10:27:42 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:2709 https://access.redhat.com/errata/RHSA-2026:2709

Comment 7 errata-xmlrpc 2026-02-18 11:26:28 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:2914 https://access.redhat.com/errata/RHSA-2026:2914

Comment 8 errata-xmlrpc 2026-02-18 12:49:35 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:2920 https://access.redhat.com/errata/RHSA-2026:2920

Comment 9 errata-xmlrpc 2026-02-24 11:31:39 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10.0 Extended Update Support

Via RHSA-2026:3192 https://access.redhat.com/errata/RHSA-2026:3192

Comment 10 errata-xmlrpc 2026-02-24 11:36:57 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2026:3188 https://access.redhat.com/errata/RHSA-2026:3188

Comment 11 errata-xmlrpc 2026-02-24 11:54:42 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.6 Extended Update Support

Via RHSA-2026:3193 https://access.redhat.com/errata/RHSA-2026:3193

Comment 12 errata-xmlrpc 2026-02-25 11:23:37 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:3336 https://access.redhat.com/errata/RHSA-2026:3336

Comment 13 errata-xmlrpc 2026-02-25 11:23:37 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:3336 https://access.redhat.com/errata/RHSA-2026:3336

Comment 14 errata-xmlrpc 2026-02-25 11:23:38 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:3336 https://access.redhat.com/errata/RHSA-2026:3336

Comment 15 errata-xmlrpc 2026-02-25 11:41:55 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:3337 https://access.redhat.com/errata/RHSA-2026:3337

Comment 16 errata-xmlrpc 2026-02-26 02:56:44 UTC
This issue has been addressed in the following products:

  Cryostat 4 on RHEL 9

Via RHSA-2026:3186 https://access.redhat.com/errata/RHSA-2026:3186

Comment 18 errata-xmlrpc 2026-03-02 01:20:19 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2026:3473 https://access.redhat.com/errata/RHSA-2026:3473

Comment 19 errata-xmlrpc 2026-03-02 01:22:54 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions

Via RHSA-2026:3472 https://access.redhat.com/errata/RHSA-2026:3472

Comment 20 errata-xmlrpc 2026-03-02 01:29:22 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2026:3469 https://access.redhat.com/errata/RHSA-2026:3469

Comment 21 errata-xmlrpc 2026-03-02 01:29:59 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.8 Telecommunications Update Service

Via RHSA-2026:3471 https://access.redhat.com/errata/RHSA-2026:3471

Comment 22 errata-xmlrpc 2026-03-02 02:49:13 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Via RHSA-2026:3489 https://access.redhat.com/errata/RHSA-2026:3489

Comment 23 errata-xmlrpc 2026-03-04 15:24:48 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:3752 https://access.redhat.com/errata/RHSA-2026:3752

Comment 24 errata-xmlrpc 2026-03-04 15:43:14 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:3753 https://access.redhat.com/errata/RHSA-2026:3753

Comment 26 errata-xmlrpc 2026-03-05 07:45:53 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10.0 Extended Update Support

Via RHSA-2026:3831 https://access.redhat.com/errata/RHSA-2026:3831

Comment 27 errata-xmlrpc 2026-03-05 08:16:25 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.6 Extended Update Support

Via RHSA-2026:3833 https://access.redhat.com/errata/RHSA-2026:3833

Comment 28 errata-xmlrpc 2026-03-05 08:50:07 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2026:3835 https://access.redhat.com/errata/RHSA-2026:3835

Comment 29 errata-xmlrpc 2026-03-05 08:56:28 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions

Via RHSA-2026:3836 https://access.redhat.com/errata/RHSA-2026:3836

Comment 30 errata-xmlrpc 2026-03-05 09:35:14 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.8 Telecommunications Update Service

Via RHSA-2026:3838 https://access.redhat.com/errata/RHSA-2026:3838

Comment 31 errata-xmlrpc 2026-03-05 11:04:32 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2026:3854 https://access.redhat.com/errata/RHSA-2026:3854

Comment 32 errata-xmlrpc 2026-03-05 12:14:51 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Via RHSA-2026:3880 https://access.redhat.com/errata/RHSA-2026:3880

Comment 33 errata-xmlrpc 2026-03-11 05:14:29 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.20

Via RHSA-2026:3851 https://access.redhat.com/errata/RHSA-2026:3851

Comment 34 errata-xmlrpc 2026-03-17 03:45:26 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2026:4672 https://access.redhat.com/errata/RHSA-2026:4672

Comment 35 errata-xmlrpc 2026-03-17 03:45:26 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2026:4672 https://access.redhat.com/errata/RHSA-2026:4672

Comment 36 errata-xmlrpc 2026-03-17 03:45:27 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2026:4672 https://access.redhat.com/errata/RHSA-2026:4672

Comment 37 errata-xmlrpc 2026-04-13 12:42:31 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.6 Extended Update Support

Via RHSA-2026:7854 https://access.redhat.com/errata/RHSA-2026:7854

Comment 67 errata-xmlrpc 2026-04-30 02:55:19 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2026:12028 https://access.redhat.com/errata/RHSA-2026:12028

