apk package
chainguard/go-slim-1.23
pkg:apk/chainguard/go-slim-1.23
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-61725 | High | 7.5 | | < 1.23.12-r1 | 1.23.12-r1 | Oct 29, 2025 | The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption. |
| CVE-2025-58183 | Med | 4.3 | | < 1.23.12-r1 | 1.23.12-r1 | Oct 29, 2025 | tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When r |
| CVE-2025-61724 | — | | | < 1.23.12-r1 | 1.23.12-r1 | Oct 29, 2025 | The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption. |