CVE Vulnerabilities

CVE-2025-58183

Published: Oct 29, 2025 | Modified: Nov 04, 2025
CVSS 3.x: N/A (Source: NVD)
CVSS 2.x
RedHat/V2
RedHat/V3: 7.5 MODERATE, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Ubuntu: MEDIUM

tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large allocations.

Affected Software

| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Red Hat Enterprise Linux 10 | RedHat | delve-0:1.25.2-1.el10_1 | * |
| Red Hat Enterprise Linux 10 | RedHat | golang-0:1.25.3-1.el10_1 | * |
| Red Hat Enterprise Linux 10 | RedHat | buildah-2:1.41.6-1.el10_1 | * |
| Red Hat Enterprise Linux 10 | RedHat | grafana-0:10.2.6-21.el10_1 | * |
| Red Hat Enterprise Linux 10.0 Extended Update Support | RedHat | delve-0:1.25.2-1.el10_0 | * |
| Red Hat Enterprise Linux 10.0 Extended Update Support | RedHat | golang-0:1.25.3-1.el10_0 | * |
| Red Hat Enterprise Linux 10.0 Extended Update Support | RedHat | grafana-0:10.2.6-19.el10_0 | * |
| Red Hat Enterprise Linux 8 | RedHat | go-toolset:rhel8-8100020251201162956.a3795dee | * |
| Red Hat Enterprise Linux 9 | RedHat | delve-0:1.25.2-1.el9_7 | * |
| Red Hat Enterprise Linux 9 | RedHat | golang-0:1.25.3-1.el9_7 | * |
| Red Hat Enterprise Linux 9 | RedHat | buildah-2:1.41.6-1.el9_7 | * |
| Red Hat Enterprise Linux 9 | RedHat | grafana-0:10.2.6-17.el9_7 | * |
| Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions | RedHat | golang-0:1.17.13-8.el9_0 | * |
| Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions | RedHat | golang-0:1.19.13-20.el9_2 | * |
| Red Hat Enterprise Linux 9.4 Extended Update Support | RedHat | golang-0:1.21.13-12.el9_4 | * |
| Red Hat Enterprise Linux 9.6 Extended Update Support | RedHat | delve-0:1.25.2-1.el9_6 | * |
| Red Hat Enterprise Linux 9.6 Extended Update Support | RedHat | golang-0:1.25.3-1.el9_6 | * |
| Red Hat Enterprise Linux 9.6 Extended Update Support | RedHat | buildah-2:1.39.6-1.el9_6 | * |
| Red Hat Enterprise Linux 9.6 Extended Update Support | RedHat | podman-5:5.4.0-15.el9_6 | * |
| Red Hat Enterprise Linux 9.6 Extended Update Support | RedHat | grafana-0:10.2.6-16.el9_6 | * |
| Red Hat OpenShift Container Platform 4.20 | RedHat | cri-o-0:1.33.6-2.rhaos4.20.git6d65309.el9 | * |
| Builds for Red Hat OpenShift 1.5.2 | RedHat | openshift-builds/openshift-builds-waiters-rhel9:sha256:6684711b250e2db920a4e2ff7d109339545f43676a9001c8a364111c9d38c024 | * |
| Builds for Red Hat OpenShift 1.6.1 | RedHat | openshift-builds/openshift-builds-waiters-rhel9:sha256:74dc1894ffbffee0316b0a9e09cd117eb69a7a7c6f207f99d571aefc10178339 | * |
| Red Hat OpenShift AI 2.22 | RedHat | rhoai/odh-trustyai-service-rhel9:sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da | * |
| Source-to-Image (S2I) 1.5.2 | RedHat | source-to-image/source-to-image-rhel8:sha256:4b630e243139148792d027217f7f581a0cc41313d3beb3da4dc9fa16001f48ba | * |
| Source-to-Image (S2I) 1.5.2 | RedHat | source-to-image/source-to-image-rhel9:sha256:49ee2ee98ea9d2f5c007de12bf23e537ec3f33baaa7362ef4feca54ef0ef773b | * |

References