CVE-2025-58183

ULN >
Oracle Linux CVE repository >
CVE-2025-58183

CVE Details

Release Date:	2025-10-29
Impact:	Moderate	What is this?

Description

tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large allocations.

See more information about CVE-2025-58183 from MITRE CVE dictionary and NIST NVD

NOTE: The following CVSS metrics and score provided are preliminary and subject to review.

CVSS v3 metrics

Base Score:	7.5
Vector String:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Version:	3.1
Attack Vector:	Network
Attack Complexity:	Low
Privileges Required:	None
User Interaction:	None
Scope:	Unchanged
Confidentiality Impact:	None
Integrity Impact:	None
Availability Impact:	High

Errata information

Platform	Errata	Release Date
Oracle Linux version 10 (buildah)	ELSA-2025-22012	2025-12-02
Oracle Linux version 10 (delve)	ELSA-2025-21816	2025-12-03
Oracle Linux version 10 (golang)	ELSA-2025-21816	2025-12-03
Oracle Linux version 10 (grafana)	ELSA-2025-23088	2025-12-10
Oracle Linux version 10 (podman)	ELSA-2025-23295	2025-12-18
Oracle Linux version 10 (skopeo)	ELSA-2025-23294	2025-12-18
Oracle Linux version 8 (aardvark-dns)	ELSA-2025-23374	2025-12-19
Oracle Linux version 8 (buildah)	ELSA-2025-23374	2025-12-19
Oracle Linux version 8 (cockpit-podman)	ELSA-2025-23374	2025-12-19
Oracle Linux version 8 (conmon)	ELSA-2025-23374	2025-12-19
Oracle Linux version 8 (container-selinux)	ELSA-2025-23374	2025-12-19
Oracle Linux version 8 (containernetworking-plugins)	ELSA-2025-23374	2025-12-19
Oracle Linux version 8 (containers-common)	ELSA-2025-23374	2025-12-19
Oracle Linux version 8 (criu)	ELSA-2025-23374	2025-12-19
Oracle Linux version 8 (crun)	ELSA-2025-23374	2025-12-19
Oracle Linux version 8 (delve)	ELSA-2025-22668	2025-12-05
Oracle Linux version 8 (fuse-overlayfs)	ELSA-2025-23374	2025-12-19
Oracle Linux version 8 (golang)	ELSA-2025-22668	2025-12-05
Oracle Linux version 8 (libslirp)	ELSA-2025-23374	2025-12-19
Oracle Linux version 8 (netavark)	ELSA-2025-23374	2025-12-19
Oracle Linux version 8 (oci-seccomp-bpf-hook)	ELSA-2025-23374	2025-12-19
Oracle Linux version 8 (podman)	ELSA-2025-23374	2025-12-19
Oracle Linux version 8 (python-podman)	ELSA-2025-23374	2025-12-19
Oracle Linux version 8 (runc)	ELSA-2025-23374	2025-12-19
Oracle Linux version 8 (skopeo)	ELSA-2025-23374	2025-12-19
Oracle Linux version 8 (slirp4netns)	ELSA-2025-23374	2025-12-19
Oracle Linux version 8 (udica)	ELSA-2025-23374	2025-12-19
Oracle Linux version 9 (buildah)	ELSA-2025-22011	2025-11-25
Oracle Linux version 9 (delve)	ELSA-2025-21815	2025-11-25
Oracle Linux version 9 (golang)	ELSA-2025-21815	2025-11-25
Oracle Linux version 9 (grafana)	ELSA-2025-23087	2025-12-10
Oracle Linux version 9 (podman)	ELSA-2025-23325	2025-12-18
Oracle Linux version 9 (skopeo)	ELSA-2025-23326	2025-12-18

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections:

Oracle customers - enter a support request
Vulnerability scanning tools vendors and project maintainers - follow the standard ISV process

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691