VYPR

apk package

chainguard/mattermost-fips-10.10-compat

pkg:apk/chainguard/mattermost-fips-10.10-compat

Vulnerabilities (3)

  • CVE-2025-11579Oct 10, 2025
    affected < 10.10.3-r1fixed 10.10.3-r1

    github.com/nwaples/rardecode versions <=2.1.1 fail to restrict the dictionary size when reading large RAR dictionary sizes, which allows an attacker to provide a specially crafted RAR file and cause Denial of Service via an Out Of Memory Crash.

  • CVE-2025-58058MedAug 28, 2025
    affected < 10.10.2-r2fixed 10.10.2-r2

    xz is a pure golang package for reading and writing xz-compressed files. Prior to version 0.5.14, it is possible to put data in front of an LZMA-encoded byte stream without detecting the situation while reading the header. This can lead to increased memory consumption because the

  • CVE-2025-47907Aug 7, 2025
    affected < 10.10.1-r2fixed 10.10.1-r2

    Cancelling a query (e.g. by cancelling the context passed to one of the query methods) during a call to the Scan method of the returned Rows can result in unexpected results if other queries are being made in parallel. This can result in a race condition that may overwrite the ex