VYPR

apk package

chainguard/terraform-1.13

pkg:apk/chainguard/terraform-1.13

Vulnerabilities (42)

  • CVE-2025-58181Nov 19, 2025
    affected < 1.13.5-r1fixed 1.13.5-r1

    SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption.

  • CVE-2025-58058MedAug 28, 2025
    affected < 1.13.1-r1fixed 1.13.1-r1

    xz is a pure golang package for reading and writing xz-compressed files. Prior to version 0.5.14, it is possible to put data in front of an LZMA-encoded byte stream without detecting the situation while reading the header. This can lead to increased memory consumption because the

Page 3 of 3