CNNVD-202510-1450 Information
CNNVD ID
CNNVD-202510-1450
Related CVE
-
CNNVD Published: 2025-10-10
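Description (translated from Chinese)
rardecode is a Go package for reading RAR files, developed by the individual developer Nicholas Waples. rardecode 2.1.1 and earlier versions contain a security vulnerability that stems from the dictionary size not being limited; an attacker can supply a specially crafted RAR file that causes memory exhaustion and a crash.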
Description (English)
rardecode is a Go package for reading RAR files, developed by the individual developer Nicholas Waples. rardecode 2.1.1 and earlier versions contain a security vulnerability that stems from the dictionary size not being limited: an attacker can supply a specially crafted RAR file that leads to memory exhaustion.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
Individual developer
Published
2025-10-10
Last Modified
2026-02-24
References
https://mattermost.com/security-updates
https://github.com/nwaples/rardecode/commit/52fb4e825c936636f251f7e7deded39ab11df9a9
https://vigilance.fr/vulnerability/rardecode-overload-dated-14-11-2025-48773
https://access.redhat.com/security/cve/cve-2025-11579
Patch
https://github.com/nwaples/rardecode/tags