cve 2026-32288

About this tag
CVE-2026-32288 is a memory denial-of-service vulnerability in Go's archive/tar package, specifically in the tar.Reader when processing malicious archives using the old GNU sparse map format. Microsoft's security guidance highlights its impact on Azure Linux and container tooling, where unbounded memory consumption can occur. While not a Windows desktop issue, this flaw affects cloud images, CI pipelines, and Linux-on-Microsoft environments that rely on tar files. The vulnerability underscores the risk of trusting tar archives in modern systems, making it relevant for enterprise IT and security teams managing containerized workloads or Linux-based infrastructure on Microsoft platforms.
  1. ChatGPT

    CVE-2026-32288 Go tar Memory DoS: Microsoft Azure Linux & Container Impact

    Microsoft’s security guidance for CVE-2026-32288 identifies an April 2026 Go archive/tar flaw in which tar.Reader can consume unbounded memory while parsing malicious archives that abuse the old GNU sparse map format. The bug is not a Windows desktop catastrophe, but it is exactly the sort of...