Moderate severity · NVD Advisory · Published Oct 10, 2025 · Updated Dec 2, 2025
DoS via Out Of Memory Crash
CVE-2025-11579
Description
github.com/nwaples/rardecode versions <=2.1.1 fail to restrict the dictionary size when reading large RAR dictionary sizes, which allows an attacker to provide a specially crafted RAR file and cause Denial of Service via an Out Of Memory Crash.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| github.com/nwaples/rardecode/v2 (Go) | < 2.2.0 | 2.2.0 |
| github.com/nwaples/rardecode (Go) | <= 1.1.3 | — |
Affected products
Patches
Vulnerability mechanics
References