cve 2025 58183
About this tag
CVE-2025-58183 is a critical vulnerability in the Go standard library's archive/tar package that can cause unbounded memory allocations when parsing GNU pax-format sparse maps, leading to a denial-of-service condition. Microsoft has published a machine-readable attestation listing the Azure Linux Distribution as an affected product and has stated it will update the attestation if other Microsoft products are found to be impacted. This tag covers discussions about the technical details of the flaw, its scope and risk to Microsoft customers, and practical steps for mitigation.
A critical memory-allocation flaw in the Go standard library’s archive/tar package (tracked as CVE-2025-58183) can cause a Go program to perform unbounded allocations when parsing GNU pax-format sparse maps, producing an out-of-memory condition and a possible denial-of-service. Microsoft’s...