tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large allocations.

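
A caller-side bound on the decompressed stream, as an added example in Go (not code from this advisory or from the affected projects): since the Reader's allocation comes from data it reads out of the archive, capping the bytes handed to `tar.NewReader` caps that allocation as well. `ErrBudget`, `budgetReader` and `ListBounded` are names assumed for this example, and the sample archive is constructed.

```go
package main

import (
	"archive/tar"
	"bytes"
	"compress/gzip"
	"errors"
	"fmt"
	"io"
)

var ErrBudget = errors.New("decompressed tar stream exceeds budget")

// budgetReader (assumed name) fails with ErrBudget, not io.EOF, once the cap is spent.
type budgetReader struct{ io.LimitedReader }

func (b *budgetReader) Read(p []byte) (int, error) {
	if b.N <= 0 {
		return 0, ErrBudget
	}
	return b.LimitedReader.Read(p)
}

// ListBounded lets tar.Reader pull at most maxBytes of decompressed data in total.
func ListBounded(stream io.Reader, maxBytes int64) (names []string, err error) {
	tr := tar.NewReader(&budgetReader{io.LimitedReader{R: stream, N: maxBytes}})
	for {
		hdr, err := tr.Next()
		if err == io.EOF {
			return names, nil
		} else if err != nil {
			return names, err
		}
		names = append(names, hdr.Name)
	}
}

func main() {
	// Constructed sample: a 1 MiB zero-filled entry that is tiny once gzipped.
	var buf bytes.Buffer
	zw := gzip.NewWriter(&buf)
	tw := tar.NewWriter(zw)
	tw.WriteHeader(&tar.Header{Name: "big.bin", Mode: 0600, Size: 1 << 20})
	tw.Write(make([]byte, 1<<20))
	tw.Close()
	zw.Close()
	zr, _ := gzip.NewReader(&buf)
	_, err := ListBounded(zr, 64<<10)
	fmt.Println(err)
}
```

The budget covers headers, sparse maps and file bodies together, so it should be sized to the largest archive the service legitimately accepts.
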
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Red Hat Enterprise Linux 10 | RedHat | delve-0:1.25.2-1.el10_1 | * |
| Red Hat Enterprise Linux 10 | RedHat | golang-0:1.25.3-1.el10_1 | * |
| Red Hat Enterprise Linux 10 | RedHat | buildah-2:1.41.6-1.el10_1 | * |
| Red Hat Enterprise Linux 10 | RedHat | grafana-0:10.2.6-21.el10_1 | * |
| Red Hat Enterprise Linux 10 | RedHat | skopeo-2:1.20.0-2.el10_1 | * |
| Red Hat Enterprise Linux 10 | RedHat | podman-7:5.6.0-8.el10_1 | * |
| Red Hat Enterprise Linux 10.0 Extended Update Support | RedHat | delve-0:1.25.2-1.el10_0 | * |
| Red Hat Enterprise Linux 10.0 Extended Update Support | RedHat | golang-0:1.25.3-1.el10_0 | * |
| Red Hat Enterprise Linux 10.0 Extended Update Support | RedHat | grafana-0:10.2.6-19.el10_0 | * |
| Red Hat Enterprise Linux 10.0 Extended Update Support | RedHat | podman-6:5.4.0-14.el10_0 | * |
| Red Hat Enterprise Linux 10.0 Extended Update Support | RedHat | skopeo-2:1.18.1-3.el10_0 | * |
| Red Hat Enterprise Linux 8 | RedHat | go-toolset:rhel8-8100020251201162956.a3795dee | * |
| Red Hat Enterprise Linux 8 | RedHat | container-tools:rhel8-8100020251204131058.afee755d | * |
| Red Hat Enterprise Linux 8 | RedHat | grafana-0:9.2.10-26.el8_10 | * |
| Red Hat Enterprise Linux 8.2 Advanced Update Support | RedHat | go-toolset:rhel8-8020020251212160632.02f7cb7a | * |
| Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | RedHat | go-toolset:rhel8-8040020251212161217.5081a262 | * |
| Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On | RedHat | go-toolset:rhel8-8040020251212161217.5081a262 | * |
| Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support | RedHat | go-toolset:rhel8-8060020251219132124.97d7f71f | * |
| Red Hat Enterprise Linux 8.6 Telecommunications Update Service | RedHat | go-toolset:rhel8-8060020251219132124.97d7f71f | * |
| Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions | RedHat | go-toolset:rhel8-8060020251219132124.97d7f71f | * |
| Red Hat Enterprise Linux 8.8 Telecommunications Update Service | RedHat | go-toolset:rhel8-8080020251215161342.17f3f959 | * |
| Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions | RedHat | go-toolset:rhel8-8080020251215161342.17f3f959 | * |
| Red Hat Enterprise Linux 9 | RedHat | delve-0:1.25.2-1.el9_7 | * |
| Red Hat Enterprise Linux 9 | RedHat | golang-0:1.25.3-1.el9_7 | * |
| Red Hat Enterprise Linux 9 | RedHat | buildah-2:1.41.6-1.el9_7 | * |
| Red Hat Enterprise Linux 9 | RedHat | grafana-0:10.2.6-17.el9_7 | * |
| Red Hat Enterprise Linux 9 | RedHat | podman-6:5.6.0-9.el9_7 | * |
| Red Hat Enterprise Linux 9 | RedHat | skopeo-2:1.20.0-2.el9_7 | * |
| Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions | RedHat | golang-0:1.17.13-8.el9_0 | * |
| Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions | RedHat | grafana-0:7.5.11-12.el9_0 | * |
| Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions | RedHat | golang-0:1.19.13-20.el9_2 | * |
| Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions | RedHat | grafana-0:9.0.9-9.el9_2 | * |
| Red Hat Enterprise Linux 9.4 Extended Update Support | RedHat | golang-0:1.21.13-12.el9_4 | * |
| Red Hat Enterprise Linux 9.4 Extended Update Support | RedHat | grafana-0:9.2.10-24.el9_4 | * |
| Red Hat Enterprise Linux 9.6 Extended Update Support | RedHat | delve-0:1.25.2-1.el9_6 | * |
| Red Hat Enterprise Linux 9.6 Extended Update Support | RedHat | golang-0:1.25.3-1.el9_6 | * |
| Red Hat Enterprise Linux 9.6 Extended Update Support | RedHat | buildah-2:1.39.6-1.el9_6 | * |
| Red Hat Enterprise Linux 9.6 Extended Update Support | RedHat | podman-5:5.4.0-15.el9_6 | * |
| Red Hat Enterprise Linux 9.6 Extended Update Support | RedHat | grafana-0:10.2.6-16.el9_6 | * |
| Red Hat Enterprise Linux 9.6 Extended Update Support | RedHat | skopeo-2:1.18.1-3.el9_6 | * |
| Red Hat OpenShift Container Platform 4.20 | RedHat | cri-o-0:1.33.6-2.rhaos4.20.git6d65309.el9 | * |
| Builds for Red Hat OpenShift 1.5.2 | RedHat | openshift-builds/openshift-builds-waiters-rhel9:sha256:6684711b250e2db920a4e2ff7d109339545f43676a9001c8a364111c9d38c024 | * |
| Builds for Red Hat OpenShift 1.6.1 | RedHat | openshift-builds/openshift-builds-waiters-rhel9:sha256:49616253d468bbad0598b6b3d74527de8219edbbace4b8fb3a6c2a4402645595 | * |
| Red Hat OpenShift AI 2.22 | RedHat | rhoai/odh-trustyai-service-rhel9:sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da | * |
| Red Hat OpenShift distributed tracing 3.8.1 | RedHat | rhosdt/tempo-gateway-opa-rhel8:sha256:80f700f361d15cb2d8995019f20ecd988de38355aad03556994ca3c8345b1c64 | * |
| Red Hat OpenShift distributed tracing 3.8.1 | RedHat | rhosdt/tempo-gateway-rhel8:sha256:953cbebef3fa709710126146537552ba513b64280f2b38312181902d49699413 | * |
| Red Hat OpenShift distributed tracing 3.8.1 | RedHat | rhosdt/tempo-jaeger-query-rhel8:sha256:ea1c4dbf73b1bc43d8a3f3016bfdd86604e2d0fbc6f232668165e630d289a082 | * |
| Red Hat OpenShift distributed tracing 3.8.1 | RedHat | rhosdt/tempo-operator-bundle:sha256:59faa931ced3fb7d6121c0dd212e0a43e99d6e09d01a8eb0cf77694dabaabdac | * |
| Red Hat OpenShift distributed tracing 3.8.1 | RedHat | rhosdt/tempo-query-rhel8:sha256:bf1e9a71262b95ead562fff27df29b20c2379a9522c2334795daf78a09b9eaf1 | * |
| Red Hat OpenShift distributed tracing 3.8.1 | RedHat | rhosdt/tempo-rhel8:sha256:9a7fe17e7758ac1cc69f5a55794d420935b6fa061dda9617bd814e651e1fada9 | * |
| Red Hat OpenShift distributed tracing 3.8.1 | RedHat | rhosdt/tempo-rhel8-operator:sha256:724d0f67a35678d3fb357466f0d10dd0e4514f0059fd3060c7a6b3e98f1efbf0 | * |
| Red Hat Quay 3.16 | RedHat | quay/quay-builder-rhel9:sha256:be0bdb1222bb39c6d0f2fffa18b13801e4be79b7ab1c3885d4ee2949145bf641 | * |
| Source-to-Image (S2I) 1.5.2 | RedHat | source-to-image/source-to-image-rhel8:sha256:7406fa611ebf57f643ce6a806c7cdcc076da0232132f9cfc17fad285613da631 | * |
| Source-to-Image (S2I) 1.5.2 | RedHat | source-to-image/source-to-image-rhel9:sha256:8b456a6f51958ca5c3a070daf0bd284c638ae9263f2e5e78b1e0a27e845bf429 | * |