Skip to content

GO-2026-4869 reported: tar reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive #4029

Description

@github-actions

This vulnerability might affect the following versions: v1.10 v1.9

CVE-2026-32288

Vulnerability info: https://pkg.go.dev/vuln/GO-2026-4869
Pipeline run: https://github.com/opentofu/opentofu/actions/runs/24352087018

Metadata

Metadata

Labels

govulncheckAutomatic reports by the govulncheck tool

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions