CNNVD-202510-3930 Information

CNNVD ID

CNNVD-202510-3930

CVE-2025-58183

  • CNNVD Published: 2025-10-29

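Description (translated from Chinese)

Google Golang is a statically and strongly typed, compiled language from the US company Google. Go's syntax is close to that of C, but variable declarations differ. Go supports garbage collection. Go's concurrency model is based on Tony Hoare's communicating sequential processes (CSP); other languages that adopt a similar model include Occam and Limbo, but it also has features of the pi calculus, such as channel passing. Google Golang contains a security vulnerability that stems from not limiting the maximum number of sparse region data blocks in GNU tar pax sparse files, which may allow a maliciously crafted archive to trigger unbounded memory allocation.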

Description (English)

Google Golang is a statically typed, compiled language from Google. Go's syntax is close to that of C, but its variable declarations differ. Go supports garbage collection. Go's concurrency model is based on Tony Hoare's communicating sequential processes (CSP); other languages that follow similar models include Occam and Limbo, but it also has characteristics of the pi calculus, such as channel passing. Google Golang has a security vulnerability, which stems from the fact that there is no limit on the maximum number of sparse region data blocks in GNU tar pax sparse files, which could lead to unbounded memory allocation from a maliciously constructed archive.

Hazard Level

Medium

Vulnerability Type

Other

Affected Vendor

Google

Published

2025-10-29

Last Modified

2026-02-24

References

  • https://go.dev/issue/75677
  • https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI
  • https://go.dev/cl/709861
  • https://pkg.go.dev/vuln/GO-2025-4014
  • https://access.redhat.com/security/cve/cve-2025-58183

Patch

https://go.dev/dl/
