PT-2026-31065 · Unknown+1 · Tar.Reader+1

Colin Walters

Published

2026-04-07

Updated

2026-05-09

CVE-2026-32288

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions tar.Reader (affected versions not specified)

Description tar.Reader can allocate an unbounded amount of memory when processing a specially crafted archive containing numerous sparse regions encoded using the "old GNU sparse map" format. This can lead to excessive memory consumption and potentially cause a denial-of-service condition.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Allocation of Resources Without Limits

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-770

Related Identifiers

BDU:2026-07247

BIT-GOLANG-2026-32288

CVE-2026-32288

GO-2026-4869

OESA-2026-2247

OESA-2026-2248

OESA-2026-2249

OESA-2026-2250

OESA-2026-2251

OPENSUSE-SU-2026:10514-1

OPENSUSE-SU-2026:10525-1

OPENSUSE-SU-2026:20570-1

OPENSUSE-SU-2026:20571-1

RHSA-2026:7291

RHSA-2026:7385

SUSE-SU-2026:1320-1

SUSE-SU-2026:1321-1

SUSE-SU-2026:1580-1

SUSE-SU-2026:1581-1

Affected Products

Red Os

Tar.Reader

PT-2026-31065 · Unknown+1 · Tar.Reader+1

CVE-2026-32288

Weakness Enumeration

Related Identifiers

Affected Products

References · 74