github.com/vbatts/tar-split is vulnerable to Allocation of Resources Without Limits or Throttling
Risk score: 50 (Medium Risk)
Affected versions of this package are vulnerable to Unbounded Resource Consumption due to improperly handled untrusted archives. An attacker can exploit this vulnerability by providing a specially crafted archive that, when processed, causes the application to allocate excessive system memory or CPU resources, leading to a denial-of-service condition. The fix is a port of the correction from golang/go@2612dcf (Copyright 2009 The Go Authors).
You are affected if you are using a version that falls within the vulnerable range.
github.com/vbatts/tar-split is vulnerable to Allocation of Resources Without Limits or Throttling in versions 0.1.0 - 0.12.1.
Upgrade the github.com/vbatts/tar-split library to the patched version.
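One way to check a module against the range stated above, as an added example (not code from the advisory or from the tar-split project). The names `key` and `Affected` are hypothetical. It assumes plain `vX.Y.Z` versions on `require` lines; `replace` directives are not followed.

```go
package main

import (
	"bufio"
	"fmt"
	"strconv"
	"strings"
)

const modPath = "github.com/vbatts/tar-split"

// key packs "v0.12.1" into one comparable integer (each part must be < 1<<20).
// Pseudo-versions and pre-releases fail on purpose: review those by hand.
func key(v string) (k int64, err error) {
	parts := strings.Split(strings.TrimPrefix(v, "v"), ".")
	if len(parts) != 3 {
		return 0, fmt.Errorf("unsupported version %q", v)
	}
	for _, p := range parts {
		n, err := strconv.ParseUint(p, 10, 20)
		if err != nil {
			return 0, fmt.Errorf("unsupported version %q", v)
		}
		k = k<<20 | int64(n)
	}
	return k, nil
}

// Affected reports whether go.mod text requires tar-split within 0.1.0 - 0.12.1.
func Affected(goMod string) (version string, affected bool, err error) {
	lo, _ := key("v0.1.0")
	hi, _ := key("v0.12.1")
	sc := bufio.NewScanner(strings.NewReader(goMod))
	for sc.Scan() {
		f := strings.Fields(strings.TrimPrefix(strings.TrimSpace(sc.Text()), "require "))
		if len(f) < 2 || f[0] != modPath {
			continue
		}
		k, err := key(f[1])
		return f[1], err == nil && k >= lo && k <= hi, err
	}
	return "", false, nil
}

func main() {
	// Constructed go.mod content, for illustration only.
	sample := "module example.com/app\n\nrequire (\n\tgithub.com/vbatts/tar-split v0.11.3 // indirect\n)\n"
	fmt.Println(Affected(sample))
}
```

A returned error means the version string needs manual review rather than that the module is unaffected.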