PT-2026-25101 · Go · Github.Com/Chainguard-Dev/Malcontent

Publicado

2026-03-02

·

Atualizado

2026-03-02

CVSS v3.1

5.3

Média

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Several extraction and scanning code paths registered late defers which could leak resources and exhaust system resources.
This report is an aggregate of these individual reports for the affected code:
AdvisoryAffected File
GHSA-jjgh-mc5q-gch7pkg/action/scan.go
GHSA-mwmf-fxh2-w4x7pkg/archive/deb.go
GHSA-p8j3-rpf5-gwv3pkg/archive/gzip.go
GHSA-qfh4-7f5v-75gqpkg/archive/zlib.go
GHSA-wxxf-r586-5rf5pkg/archive/bzip2.go
Fix: #1354, #1355, #1356, #1361
Acknowledgements
Thank you to Oleh Konko from 1seal for discovering and reporting all six of these issues.

Correção

Resource Exhaustion

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-400

Identificadores relacionados

GHSA-54P8-X2M9-C593

Produtos afetados

Github.Com/Chainguard-Dev/Malcontent