tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large allocations.

| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Red Hat Enterprise Linux 10 | RedHat | delve-0:1.25.2-1.el10_1 | * |
| Red Hat Enterprise Linux 10 | RedHat | golang-0:1.25.3-1.el10_1 | * |
| Red Hat Enterprise Linux 10.0 Extended Update Support | RedHat | delve-0:1.25.2-1.el10_0 | * |
| Red Hat Enterprise Linux 10.0 Extended Update Support | RedHat | golang-0:1.25.3-1.el10_0 | * |
| Red Hat Enterprise Linux 9 | RedHat | delve-0:1.25.2-1.el9_7 | * |
| Red Hat Enterprise Linux 9 | RedHat | golang-0:1.25.3-1.el9_7 | * |
| Red Hat Enterprise Linux 9.4 Extended Update Support | RedHat | golang-0:1.21.13-12.el9_4 | * |
| Red Hat Enterprise Linux 9.6 Extended Update Support | RedHat | delve-0:1.25.2-1.el9_6 | * |
| Red Hat Enterprise Linux 9.6 Extended Update Support | RedHat | golang-0:1.25.3-1.el9_6 | * |
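
A caller-side guard for the condition described above, as an added example (not code from the Go project or from this advisory): it caps the total number of decompressed bytes `tar.Reader` may pull from its source, so a small compressed input cannot drive unbounded reads. `ListBounded`, `budgetReader`, `ErrBudget`, `sample` and the limits used are hypothetical names and values; this is defence in depth alongside the fixed packages listed above, not the upstream fix.

```go
package main

import (
	"archive/tar"
	"bytes"
	"compress/gzip"
	"errors"
	"fmt"
	"io"
)

var ErrBudget = errors.New("tar: decompressed byte budget exceeded")

// budgetReader (hypothetical) fails with ErrBudget, not a truncation-like io.EOF.
type budgetReader struct{ lr io.LimitedReader }

func (b *budgetReader) Read(p []byte) (int, error) {
	if b.lr.N <= 0 {
		return 0, ErrBudget
	}
	return b.lr.Read(p)
}

// ListBounded lets tar.Reader pull at most limit bytes from decompressed stream r.
func ListBounded(r io.Reader, limit int64) ([]string, error) {
	tr := tar.NewReader(&budgetReader{io.LimitedReader{R: r, N: limit}})
	var names []string
	for hdr, err := tr.Next(); err != io.EOF; hdr, err = tr.Next() {
		if err != nil {
			return names, err
		}
		names = append(names, hdr.Name)
	}
	return names, nil
}

// sample decompresses a constructed gzip'd tar with one all-zero file of n bytes.
func sample(n int) io.Reader {
	var buf bytes.Buffer
	zw := gzip.NewWriter(&buf)
	tw := tar.NewWriter(zw)
	tw.WriteHeader(&tar.Header{Name: "zeros.bin", Mode: 0600, Size: int64(n)})
	tw.Write(make([]byte, n))
	tw.Close()
	zw.Close()
	zr, _ := gzip.NewReader(&buf)
	return zr
}

func main() { fmt.Println(ListBounded(sample(1<<20), 64<<10)) }
```

The budget covers everything the reader consumes (headers, PAX records, sparse maps and data skipped between entries), so size it to the largest archive the service legitimately accepts.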