RHSA-2026:0530

Vulnerability from csaf_redhat - Published: 2026-01-13 20:48 - Updated: 2026-01-15 10:28
Summary
Red Hat Security Advisory: Red Hat OpenShift Service Mesh 2.6.12

Notes

Topic
Red Hat OpenShift Service Mesh 2.6.12

This update has a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat OpenShift Service Mesh 2.6.12, which is based on the open source Istio project, addresses a variety of problems in a microservice architecture by creating a centralized point of control in an application.

Security Fix(es):

* istio-cni-rhel8: Unbounded allocation when parsing GNU sparse map (CVE-2025-58183)
* pilot-rhel8: Unbounded allocation when parsing GNU sparse map (CVE-2025-58183)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Red Hat OpenShift Service Mesh 2.6.12\n\nThis update has a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat OpenShift Service Mesh 2.6.12, which is based on the open source Istio project, addresses a variety of problems in a microservice architecture by creating a centralized point of control in an application.\n\nSecurity Fix(es):\n\n* istio-cni-rhel8: Unbounded allocation when parsing GNU sparse map (CVE-2025-58183)\n* pilot-rhel8: Unbounded allocation when parsing GNU sparse map (CVE-2025-58183)",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2026:0530",
        "url": "https://access.redhat.com/errata/RHSA-2026:0530"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/",
        "url": "https://access.redhat.com/security/updates/classification/"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-58183",
        "url": "https://access.redhat.com/security/cve/CVE-2025-58183"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/cve-2025-58183",
        "url": "https://access.redhat.com/security/cve/cve-2025-58183"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification",
        "url": "https://access.redhat.com/security/updates/classification"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_0530.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat OpenShift Service Mesh 2.6.12",
    "tracking": {
      "current_release_date": "2026-01-15T10:28:53+00:00",
      "generator": {
        "date": "2026-01-15T10:28:53+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.15"
        }
      },
      "id": "RHSA-2026:0530",
      "initial_release_date": "2026-01-13T20:48:49+00:00",
      "revision_history": [
        {
          "date": "2026-01-13T20:48:49+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2026-01-13T20:48:58+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-01-15T10:28:53+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat OpenShift Service Mesh 2.6",
                "product": {
                  "name": "Red Hat OpenShift Service Mesh 2.6",
                  "product_id": "Red Hat OpenShift Service Mesh 2.6",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:service_mesh:2.6::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat OpenShift Service Mesh"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/openshift-service-mesh/istio-operator-bundle@sha256:0676c01437a80b84a7b177bfb0fc39e8d555c0682aaaf329db3d7948eb95c86c_amd64",
                "product": {
                  "name": "registry.redhat.io/openshift-service-mesh/istio-operator-bundle@sha256:0676c01437a80b84a7b177bfb0fc39e8d555c0682aaaf329db3d7948eb95c86c_amd64",
                  "product_id": "registry.redhat.io/openshift-service-mesh/istio-operator-bundle@sha256:0676c01437a80b84a7b177bfb0fc39e8d555c0682aaaf329db3d7948eb95c86c_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/istio-operator-bundle@sha256%3A0676c01437a80b84a7b177bfb0fc39e8d555c0682aaaf329db3d7948eb95c86c?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1767915015"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel8@sha256:9055817f1ad1c47a4e63743008fd83e7c39f447cad3098ca2c98f65dc039ee05_amd64",
                "product": {
                  "name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel8@sha256:9055817f1ad1c47a4e63743008fd83e7c39f447cad3098ca2c98f65dc039ee05_amd64",
                  "product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel8@sha256:9055817f1ad1c47a4e63743008fd83e7c39f447cad3098ca2c98f65dc039ee05_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/istio-cni-rhel8@sha256%3A9055817f1ad1c47a4e63743008fd83e7c39f447cad3098ca2c98f65dc039ee05?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1767871816"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/openshift-service-mesh/grafana-rhel8@sha256:a01603277974458ba19dc26bdafd9d054caec685221b1ad05f94de820181ea3f_amd64",
                "product": {
                  "name": "registry.redhat.io/openshift-service-mesh/grafana-rhel8@sha256:a01603277974458ba19dc26bdafd9d054caec685221b1ad05f94de820181ea3f_amd64",
                  "product_id": "registry.redhat.io/openshift-service-mesh/grafana-rhel8@sha256:a01603277974458ba19dc26bdafd9d054caec685221b1ad05f94de820181ea3f_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/grafana-rhel8@sha256%3Aa01603277974458ba19dc26bdafd9d054caec685221b1ad05f94de820181ea3f?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1766824007"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/openshift-service-mesh/istio-rhel8-operator@sha256:2602088775bc0137d42b887d6f62e841b5f75e7a67ccff34c6fac37e73c46016_amd64",
                "product": {
                  "name": "registry.redhat.io/openshift-service-mesh/istio-rhel8-operator@sha256:2602088775bc0137d42b887d6f62e841b5f75e7a67ccff34c6fac37e73c46016_amd64",
                  "product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel8-operator@sha256:2602088775bc0137d42b887d6f62e841b5f75e7a67ccff34c6fac37e73c46016_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/istio-rhel8-operator@sha256%3A2602088775bc0137d42b887d6f62e841b5f75e7a67ccff34c6fac37e73c46016?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1767910245"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/openshift-service-mesh/pilot-rhel8@sha256:a615642c33a1e06061e8248facdef75e6c2bb9de66da0182b2e5649392939a2d_amd64",
                "product": {
                  "name": "registry.redhat.io/openshift-service-mesh/pilot-rhel8@sha256:a615642c33a1e06061e8248facdef75e6c2bb9de66da0182b2e5649392939a2d_amd64",
                  "product_id": "registry.redhat.io/openshift-service-mesh/pilot-rhel8@sha256:a615642c33a1e06061e8248facdef75e6c2bb9de66da0182b2e5649392939a2d_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/pilot-rhel8@sha256%3Aa615642c33a1e06061e8248facdef75e6c2bb9de66da0182b2e5649392939a2d?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1767884649"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/openshift-service-mesh/ratelimit-rhel8@sha256:450edfc59d33b4b86fad1caaf2dea72333de0ea1c590df487bbac6558d1bd15e_amd64",
                "product": {
                  "name": "registry.redhat.io/openshift-service-mesh/ratelimit-rhel8@sha256:450edfc59d33b4b86fad1caaf2dea72333de0ea1c590df487bbac6558d1bd15e_amd64",
                  "product_id": "registry.redhat.io/openshift-service-mesh/ratelimit-rhel8@sha256:450edfc59d33b4b86fad1caaf2dea72333de0ea1c590df487bbac6558d1bd15e_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/ratelimit-rhel8@sha256%3A450edfc59d33b4b86fad1caaf2dea72333de0ea1c590df487bbac6558d1bd15e?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1767871771"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel8@sha256:3163d29ce62ebb1e431621b80f1705a0ffb5fcc94bed4359fa55249e73b073c3_arm64",
                "product": {
                  "name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel8@sha256:3163d29ce62ebb1e431621b80f1705a0ffb5fcc94bed4359fa55249e73b073c3_arm64",
                  "product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel8@sha256:3163d29ce62ebb1e431621b80f1705a0ffb5fcc94bed4359fa55249e73b073c3_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/istio-cni-rhel8@sha256%3A3163d29ce62ebb1e431621b80f1705a0ffb5fcc94bed4359fa55249e73b073c3?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1767871816"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/openshift-service-mesh/grafana-rhel8@sha256:2c4053ff8e7a59e2d2ce6cc336cd273c74587e8f73dc88a4f870dbfa9c281468_arm64",
                "product": {
                  "name": "registry.redhat.io/openshift-service-mesh/grafana-rhel8@sha256:2c4053ff8e7a59e2d2ce6cc336cd273c74587e8f73dc88a4f870dbfa9c281468_arm64",
                  "product_id": "registry.redhat.io/openshift-service-mesh/grafana-rhel8@sha256:2c4053ff8e7a59e2d2ce6cc336cd273c74587e8f73dc88a4f870dbfa9c281468_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/grafana-rhel8@sha256%3A2c4053ff8e7a59e2d2ce6cc336cd273c74587e8f73dc88a4f870dbfa9c281468?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1766824007"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/openshift-service-mesh/istio-rhel8-operator@sha256:25d2342add35718131b35c05224e1d0612574efd252a10c32a39730a6e08772e_arm64",
                "product": {
                  "name": "registry.redhat.io/openshift-service-mesh/istio-rhel8-operator@sha256:25d2342add35718131b35c05224e1d0612574efd252a10c32a39730a6e08772e_arm64",
                  "product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel8-operator@sha256:25d2342add35718131b35c05224e1d0612574efd252a10c32a39730a6e08772e_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/istio-rhel8-operator@sha256%3A25d2342add35718131b35c05224e1d0612574efd252a10c32a39730a6e08772e?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1767910245"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/openshift-service-mesh/pilot-rhel8@sha256:2a3ef39ec8a730e03da51f2f251c21577cdc6308afd8fb07f95be613cd3da041_arm64",
                "product": {
                  "name": "registry.redhat.io/openshift-service-mesh/pilot-rhel8@sha256:2a3ef39ec8a730e03da51f2f251c21577cdc6308afd8fb07f95be613cd3da041_arm64",
                  "product_id": "registry.redhat.io/openshift-service-mesh/pilot-rhel8@sha256:2a3ef39ec8a730e03da51f2f251c21577cdc6308afd8fb07f95be613cd3da041_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/pilot-rhel8@sha256%3A2a3ef39ec8a730e03da51f2f251c21577cdc6308afd8fb07f95be613cd3da041?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1767884649"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/openshift-service-mesh/ratelimit-rhel8@sha256:a5e6ebc462d6eeabcc7af4e4c64d79782607bc588b5c2160d5c1e996788a663b_arm64",
                "product": {
                  "name": "registry.redhat.io/openshift-service-mesh/ratelimit-rhel8@sha256:a5e6ebc462d6eeabcc7af4e4c64d79782607bc588b5c2160d5c1e996788a663b_arm64",
                  "product_id": "registry.redhat.io/openshift-service-mesh/ratelimit-rhel8@sha256:a5e6ebc462d6eeabcc7af4e4c64d79782607bc588b5c2160d5c1e996788a663b_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/ratelimit-rhel8@sha256%3Aa5e6ebc462d6eeabcc7af4e4c64d79782607bc588b5c2160d5c1e996788a663b?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1767871771"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "arm64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel8@sha256:49544a11bb1cfa5a5f134a25c3721f7adbd4535a598790786d0a6de7daca07f0_ppc64le",
                "product": {
                  "name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel8@sha256:49544a11bb1cfa5a5f134a25c3721f7adbd4535a598790786d0a6de7daca07f0_ppc64le",
                  "product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel8@sha256:49544a11bb1cfa5a5f134a25c3721f7adbd4535a598790786d0a6de7daca07f0_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/istio-cni-rhel8@sha256%3A49544a11bb1cfa5a5f134a25c3721f7adbd4535a598790786d0a6de7daca07f0?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1767871816"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/openshift-service-mesh/grafana-rhel8@sha256:3496b46b67f9252e0b8098c9bd881e82310d93b8f2cefcf6c72eb7aa248ce84d_ppc64le",
                "product": {
                  "name": "registry.redhat.io/openshift-service-mesh/grafana-rhel8@sha256:3496b46b67f9252e0b8098c9bd881e82310d93b8f2cefcf6c72eb7aa248ce84d_ppc64le",
                  "product_id": "registry.redhat.io/openshift-service-mesh/grafana-rhel8@sha256:3496b46b67f9252e0b8098c9bd881e82310d93b8f2cefcf6c72eb7aa248ce84d_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/grafana-rhel8@sha256%3A3496b46b67f9252e0b8098c9bd881e82310d93b8f2cefcf6c72eb7aa248ce84d?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1766824007"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/openshift-service-mesh/istio-rhel8-operator@sha256:f5e863158ed07353ed7f373452d4046487823e9ab3feab0f7375481ee130b561_ppc64le",
                "product": {
                  "name": "registry.redhat.io/openshift-service-mesh/istio-rhel8-operator@sha256:f5e863158ed07353ed7f373452d4046487823e9ab3feab0f7375481ee130b561_ppc64le",
                  "product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel8-operator@sha256:f5e863158ed07353ed7f373452d4046487823e9ab3feab0f7375481ee130b561_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/istio-rhel8-operator@sha256%3Af5e863158ed07353ed7f373452d4046487823e9ab3feab0f7375481ee130b561?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1767910245"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/openshift-service-mesh/pilot-rhel8@sha256:d4ae3a2e1ad5e11f0d520cc50e754ad5f4f14aea9b2f2d87cde30794b7dddbbf_ppc64le",
                "product": {
                  "name": "registry.redhat.io/openshift-service-mesh/pilot-rhel8@sha256:d4ae3a2e1ad5e11f0d520cc50e754ad5f4f14aea9b2f2d87cde30794b7dddbbf_ppc64le",
                  "product_id": "registry.redhat.io/openshift-service-mesh/pilot-rhel8@sha256:d4ae3a2e1ad5e11f0d520cc50e754ad5f4f14aea9b2f2d87cde30794b7dddbbf_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/pilot-rhel8@sha256%3Ad4ae3a2e1ad5e11f0d520cc50e754ad5f4f14aea9b2f2d87cde30794b7dddbbf?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1767884649"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/openshift-service-mesh/ratelimit-rhel8@sha256:5bfcc8136345c9bbc43e626a627f1936b576249443e1b603a11e32658fa94ebe_ppc64le",
                "product": {
                  "name": "registry.redhat.io/openshift-service-mesh/ratelimit-rhel8@sha256:5bfcc8136345c9bbc43e626a627f1936b576249443e1b603a11e32658fa94ebe_ppc64le",
                  "product_id": "registry.redhat.io/openshift-service-mesh/ratelimit-rhel8@sha256:5bfcc8136345c9bbc43e626a627f1936b576249443e1b603a11e32658fa94ebe_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/ratelimit-rhel8@sha256%3A5bfcc8136345c9bbc43e626a627f1936b576249443e1b603a11e32658fa94ebe?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1767871771"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel8@sha256:a4124697d5320959bf3af490f5e0cd5129242f3a6b59a96e4ba8046aa4776910_s390x",
                "product": {
                  "name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel8@sha256:a4124697d5320959bf3af490f5e0cd5129242f3a6b59a96e4ba8046aa4776910_s390x",
                  "product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel8@sha256:a4124697d5320959bf3af490f5e0cd5129242f3a6b59a96e4ba8046aa4776910_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/istio-cni-rhel8@sha256%3Aa4124697d5320959bf3af490f5e0cd5129242f3a6b59a96e4ba8046aa4776910?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1767871816"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/openshift-service-mesh/grafana-rhel8@sha256:ff8422fa1b39e5df9664a509ef542ac1e7e827236c7515cd9bb76e7c0a568d7f_s390x",
                "product": {
                  "name": "registry.redhat.io/openshift-service-mesh/grafana-rhel8@sha256:ff8422fa1b39e5df9664a509ef542ac1e7e827236c7515cd9bb76e7c0a568d7f_s390x",
                  "product_id": "registry.redhat.io/openshift-service-mesh/grafana-rhel8@sha256:ff8422fa1b39e5df9664a509ef542ac1e7e827236c7515cd9bb76e7c0a568d7f_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/grafana-rhel8@sha256%3Aff8422fa1b39e5df9664a509ef542ac1e7e827236c7515cd9bb76e7c0a568d7f?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1766824007"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/openshift-service-mesh/istio-rhel8-operator@sha256:335f6264af687828def16100d1ed6ff49b6dc49db15f7e65da9f117eb6f6aad7_s390x",
                "product": {
                  "name": "registry.redhat.io/openshift-service-mesh/istio-rhel8-operator@sha256:335f6264af687828def16100d1ed6ff49b6dc49db15f7e65da9f117eb6f6aad7_s390x",
                  "product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel8-operator@sha256:335f6264af687828def16100d1ed6ff49b6dc49db15f7e65da9f117eb6f6aad7_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/istio-rhel8-operator@sha256%3A335f6264af687828def16100d1ed6ff49b6dc49db15f7e65da9f117eb6f6aad7?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1767910245"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/openshift-service-mesh/pilot-rhel8@sha256:6ac6c7f1cc61becb2ef19ea4f39cee4706ec6c64df5b247ab1cc7fdef0ec303a_s390x",
                "product": {
                  "name": "registry.redhat.io/openshift-service-mesh/pilot-rhel8@sha256:6ac6c7f1cc61becb2ef19ea4f39cee4706ec6c64df5b247ab1cc7fdef0ec303a_s390x",
                  "product_id": "registry.redhat.io/openshift-service-mesh/pilot-rhel8@sha256:6ac6c7f1cc61becb2ef19ea4f39cee4706ec6c64df5b247ab1cc7fdef0ec303a_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/pilot-rhel8@sha256%3A6ac6c7f1cc61becb2ef19ea4f39cee4706ec6c64df5b247ab1cc7fdef0ec303a?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1767884649"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/openshift-service-mesh/ratelimit-rhel8@sha256:478d3ddbefce1f4a5f6ed7ab38db87e589cc37583d19a3b8bf2aba89a1ea1543_s390x",
                "product": {
                  "name": "registry.redhat.io/openshift-service-mesh/ratelimit-rhel8@sha256:478d3ddbefce1f4a5f6ed7ab38db87e589cc37583d19a3b8bf2aba89a1ea1543_s390x",
                  "product_id": "registry.redhat.io/openshift-service-mesh/ratelimit-rhel8@sha256:478d3ddbefce1f4a5f6ed7ab38db87e589cc37583d19a3b8bf2aba89a1ea1543_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/ratelimit-rhel8@sha256%3A478d3ddbefce1f4a5f6ed7ab38db87e589cc37583d19a3b8bf2aba89a1ea1543?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1767871771"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/openshift-service-mesh/grafana-rhel8@sha256:2c4053ff8e7a59e2d2ce6cc336cd273c74587e8f73dc88a4f870dbfa9c281468_arm64 as a component of Red Hat OpenShift Service Mesh 2.6",
          "product_id": "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/grafana-rhel8@sha256:2c4053ff8e7a59e2d2ce6cc336cd273c74587e8f73dc88a4f870dbfa9c281468_arm64"
        },
        "product_reference": "registry.redhat.io/openshift-service-mesh/grafana-rhel8@sha256:2c4053ff8e7a59e2d2ce6cc336cd273c74587e8f73dc88a4f870dbfa9c281468_arm64",
        "relates_to_product_reference": "Red Hat OpenShift Service Mesh 2.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/openshift-service-mesh/grafana-rhel8@sha256:3496b46b67f9252e0b8098c9bd881e82310d93b8f2cefcf6c72eb7aa248ce84d_ppc64le as a component of Red Hat OpenShift Service Mesh 2.6",
          "product_id": "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/grafana-rhel8@sha256:3496b46b67f9252e0b8098c9bd881e82310d93b8f2cefcf6c72eb7aa248ce84d_ppc64le"
        },
        "product_reference": "registry.redhat.io/openshift-service-mesh/grafana-rhel8@sha256:3496b46b67f9252e0b8098c9bd881e82310d93b8f2cefcf6c72eb7aa248ce84d_ppc64le",
        "relates_to_product_reference": "Red Hat OpenShift Service Mesh 2.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/openshift-service-mesh/grafana-rhel8@sha256:a01603277974458ba19dc26bdafd9d054caec685221b1ad05f94de820181ea3f_amd64 as a component of Red Hat OpenShift Service Mesh 2.6",
          "product_id": "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/grafana-rhel8@sha256:a01603277974458ba19dc26bdafd9d054caec685221b1ad05f94de820181ea3f_amd64"
        },
        "product_reference": "registry.redhat.io/openshift-service-mesh/grafana-rhel8@sha256:a01603277974458ba19dc26bdafd9d054caec685221b1ad05f94de820181ea3f_amd64",
        "relates_to_product_reference": "Red Hat OpenShift Service Mesh 2.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/openshift-service-mesh/grafana-rhel8@sha256:ff8422fa1b39e5df9664a509ef542ac1e7e827236c7515cd9bb76e7c0a568d7f_s390x as a component of Red Hat OpenShift Service Mesh 2.6",
          "product_id": "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/grafana-rhel8@sha256:ff8422fa1b39e5df9664a509ef542ac1e7e827236c7515cd9bb76e7c0a568d7f_s390x"
        },
        "product_reference": "registry.redhat.io/openshift-service-mesh/grafana-rhel8@sha256:ff8422fa1b39e5df9664a509ef542ac1e7e827236c7515cd9bb76e7c0a568d7f_s390x",
        "relates_to_product_reference": "Red Hat OpenShift Service Mesh 2.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel8@sha256:3163d29ce62ebb1e431621b80f1705a0ffb5fcc94bed4359fa55249e73b073c3_arm64 as a component of Red Hat OpenShift Service Mesh 2.6",
          "product_id": "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-cni-rhel8@sha256:3163d29ce62ebb1e431621b80f1705a0ffb5fcc94bed4359fa55249e73b073c3_arm64"
        },
        "product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel8@sha256:3163d29ce62ebb1e431621b80f1705a0ffb5fcc94bed4359fa55249e73b073c3_arm64",
        "relates_to_product_reference": "Red Hat OpenShift Service Mesh 2.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel8@sha256:49544a11bb1cfa5a5f134a25c3721f7adbd4535a598790786d0a6de7daca07f0_ppc64le as a component of Red Hat OpenShift Service Mesh 2.6",
          "product_id": "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-cni-rhel8@sha256:49544a11bb1cfa5a5f134a25c3721f7adbd4535a598790786d0a6de7daca07f0_ppc64le"
        },
        "product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel8@sha256:49544a11bb1cfa5a5f134a25c3721f7adbd4535a598790786d0a6de7daca07f0_ppc64le",
        "relates_to_product_reference": "Red Hat OpenShift Service Mesh 2.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel8@sha256:9055817f1ad1c47a4e63743008fd83e7c39f447cad3098ca2c98f65dc039ee05_amd64 as a component of Red Hat OpenShift Service Mesh 2.6",
          "product_id": "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-cni-rhel8@sha256:9055817f1ad1c47a4e63743008fd83e7c39f447cad3098ca2c98f65dc039ee05_amd64"
        },
        "product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel8@sha256:9055817f1ad1c47a4e63743008fd83e7c39f447cad3098ca2c98f65dc039ee05_amd64",
        "relates_to_product_reference": "Red Hat OpenShift Service Mesh 2.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel8@sha256:a4124697d5320959bf3af490f5e0cd5129242f3a6b59a96e4ba8046aa4776910_s390x as a component of Red Hat OpenShift Service Mesh 2.6",
          "product_id": "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-cni-rhel8@sha256:a4124697d5320959bf3af490f5e0cd5129242f3a6b59a96e4ba8046aa4776910_s390x"
        },
        "product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel8@sha256:a4124697d5320959bf3af490f5e0cd5129242f3a6b59a96e4ba8046aa4776910_s390x",
        "relates_to_product_reference": "Red Hat OpenShift Service Mesh 2.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/openshift-service-mesh/istio-operator-bundle@sha256:0676c01437a80b84a7b177bfb0fc39e8d555c0682aaaf329db3d7948eb95c86c_amd64 as a component of Red Hat OpenShift Service Mesh 2.6",
          "product_id": "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-operator-bundle@sha256:0676c01437a80b84a7b177bfb0fc39e8d555c0682aaaf329db3d7948eb95c86c_amd64"
        },
        "product_reference": "registry.redhat.io/openshift-service-mesh/istio-operator-bundle@sha256:0676c01437a80b84a7b177bfb0fc39e8d555c0682aaaf329db3d7948eb95c86c_amd64",
        "relates_to_product_reference": "Red Hat OpenShift Service Mesh 2.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/openshift-service-mesh/istio-rhel8-operator@sha256:25d2342add35718131b35c05224e1d0612574efd252a10c32a39730a6e08772e_arm64 as a component of Red Hat OpenShift Service Mesh 2.6",
          "product_id": "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-rhel8-operator@sha256:25d2342add35718131b35c05224e1d0612574efd252a10c32a39730a6e08772e_arm64"
        },
        "product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel8-operator@sha256:25d2342add35718131b35c05224e1d0612574efd252a10c32a39730a6e08772e_arm64",
        "relates_to_product_reference": "Red Hat OpenShift Service Mesh 2.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/openshift-service-mesh/istio-rhel8-operator@sha256:2602088775bc0137d42b887d6f62e841b5f75e7a67ccff34c6fac37e73c46016_amd64 as a component of Red Hat OpenShift Service Mesh 2.6",
          "product_id": "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-rhel8-operator@sha256:2602088775bc0137d42b887d6f62e841b5f75e7a67ccff34c6fac37e73c46016_amd64"
        },
        "product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel8-operator@sha256:2602088775bc0137d42b887d6f62e841b5f75e7a67ccff34c6fac37e73c46016_amd64",
        "relates_to_product_reference": "Red Hat OpenShift Service Mesh 2.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/openshift-service-mesh/istio-rhel8-operator@sha256:335f6264af687828def16100d1ed6ff49b6dc49db15f7e65da9f117eb6f6aad7_s390x as a component of Red Hat OpenShift Service Mesh 2.6",
          "product_id": "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-rhel8-operator@sha256:335f6264af687828def16100d1ed6ff49b6dc49db15f7e65da9f117eb6f6aad7_s390x"
        },
        "product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel8-operator@sha256:335f6264af687828def16100d1ed6ff49b6dc49db15f7e65da9f117eb6f6aad7_s390x",
        "relates_to_product_reference": "Red Hat OpenShift Service Mesh 2.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/openshift-service-mesh/istio-rhel8-operator@sha256:f5e863158ed07353ed7f373452d4046487823e9ab3feab0f7375481ee130b561_ppc64le as a component of Red Hat OpenShift Service Mesh 2.6",
          "product_id": "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-rhel8-operator@sha256:f5e863158ed07353ed7f373452d4046487823e9ab3feab0f7375481ee130b561_ppc64le"
        },
        "product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel8-operator@sha256:f5e863158ed07353ed7f373452d4046487823e9ab3feab0f7375481ee130b561_ppc64le",
        "relates_to_product_reference": "Red Hat OpenShift Service Mesh 2.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/openshift-service-mesh/pilot-rhel8@sha256:2a3ef39ec8a730e03da51f2f251c21577cdc6308afd8fb07f95be613cd3da041_arm64 as a component of Red Hat OpenShift Service Mesh 2.6",
          "product_id": "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/pilot-rhel8@sha256:2a3ef39ec8a730e03da51f2f251c21577cdc6308afd8fb07f95be613cd3da041_arm64"
        },
        "product_reference": "registry.redhat.io/openshift-service-mesh/pilot-rhel8@sha256:2a3ef39ec8a730e03da51f2f251c21577cdc6308afd8fb07f95be613cd3da041_arm64",
        "relates_to_product_reference": "Red Hat OpenShift Service Mesh 2.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/openshift-service-mesh/pilot-rhel8@sha256:6ac6c7f1cc61becb2ef19ea4f39cee4706ec6c64df5b247ab1cc7fdef0ec303a_s390x as a component of Red Hat OpenShift Service Mesh 2.6",
          "product_id": "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/pilot-rhel8@sha256:6ac6c7f1cc61becb2ef19ea4f39cee4706ec6c64df5b247ab1cc7fdef0ec303a_s390x"
        },
        "product_reference": "registry.redhat.io/openshift-service-mesh/pilot-rhel8@sha256:6ac6c7f1cc61becb2ef19ea4f39cee4706ec6c64df5b247ab1cc7fdef0ec303a_s390x",
        "relates_to_product_reference": "Red Hat OpenShift Service Mesh 2.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/openshift-service-mesh/pilot-rhel8@sha256:a615642c33a1e06061e8248facdef75e6c2bb9de66da0182b2e5649392939a2d_amd64 as a component of Red Hat OpenShift Service Mesh 2.6",
          "product_id": "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/pilot-rhel8@sha256:a615642c33a1e06061e8248facdef75e6c2bb9de66da0182b2e5649392939a2d_amd64"
        },
        "product_reference": "registry.redhat.io/openshift-service-mesh/pilot-rhel8@sha256:a615642c33a1e06061e8248facdef75e6c2bb9de66da0182b2e5649392939a2d_amd64",
        "relates_to_product_reference": "Red Hat OpenShift Service Mesh 2.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/openshift-service-mesh/pilot-rhel8@sha256:d4ae3a2e1ad5e11f0d520cc50e754ad5f4f14aea9b2f2d87cde30794b7dddbbf_ppc64le as a component of Red Hat OpenShift Service Mesh 2.6",
          "product_id": "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/pilot-rhel8@sha256:d4ae3a2e1ad5e11f0d520cc50e754ad5f4f14aea9b2f2d87cde30794b7dddbbf_ppc64le"
        },
        "product_reference": "registry.redhat.io/openshift-service-mesh/pilot-rhel8@sha256:d4ae3a2e1ad5e11f0d520cc50e754ad5f4f14aea9b2f2d87cde30794b7dddbbf_ppc64le",
        "relates_to_product_reference": "Red Hat OpenShift Service Mesh 2.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/openshift-service-mesh/ratelimit-rhel8@sha256:450edfc59d33b4b86fad1caaf2dea72333de0ea1c590df487bbac6558d1bd15e_amd64 as a component of Red Hat OpenShift Service Mesh 2.6",
          "product_id": "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/ratelimit-rhel8@sha256:450edfc59d33b4b86fad1caaf2dea72333de0ea1c590df487bbac6558d1bd15e_amd64"
        },
        "product_reference": "registry.redhat.io/openshift-service-mesh/ratelimit-rhel8@sha256:450edfc59d33b4b86fad1caaf2dea72333de0ea1c590df487bbac6558d1bd15e_amd64",
        "relates_to_product_reference": "Red Hat OpenShift Service Mesh 2.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/openshift-service-mesh/ratelimit-rhel8@sha256:478d3ddbefce1f4a5f6ed7ab38db87e589cc37583d19a3b8bf2aba89a1ea1543_s390x as a component of Red Hat OpenShift Service Mesh 2.6",
          "product_id": "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/ratelimit-rhel8@sha256:478d3ddbefce1f4a5f6ed7ab38db87e589cc37583d19a3b8bf2aba89a1ea1543_s390x"
        },
        "product_reference": "registry.redhat.io/openshift-service-mesh/ratelimit-rhel8@sha256:478d3ddbefce1f4a5f6ed7ab38db87e589cc37583d19a3b8bf2aba89a1ea1543_s390x",
        "relates_to_product_reference": "Red Hat OpenShift Service Mesh 2.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/openshift-service-mesh/ratelimit-rhel8@sha256:5bfcc8136345c9bbc43e626a627f1936b576249443e1b603a11e32658fa94ebe_ppc64le as a component of Red Hat OpenShift Service Mesh 2.6",
          "product_id": "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/ratelimit-rhel8@sha256:5bfcc8136345c9bbc43e626a627f1936b576249443e1b603a11e32658fa94ebe_ppc64le"
        },
        "product_reference": "registry.redhat.io/openshift-service-mesh/ratelimit-rhel8@sha256:5bfcc8136345c9bbc43e626a627f1936b576249443e1b603a11e32658fa94ebe_ppc64le",
        "relates_to_product_reference": "Red Hat OpenShift Service Mesh 2.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/openshift-service-mesh/ratelimit-rhel8@sha256:a5e6ebc462d6eeabcc7af4e4c64d79782607bc588b5c2160d5c1e996788a663b_arm64 as a component of Red Hat OpenShift Service Mesh 2.6",
          "product_id": "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/ratelimit-rhel8@sha256:a5e6ebc462d6eeabcc7af4e4c64d79782607bc588b5c2160d5c1e996788a663b_arm64"
        },
        "product_reference": "registry.redhat.io/openshift-service-mesh/ratelimit-rhel8@sha256:a5e6ebc462d6eeabcc7af4e4c64d79782607bc588b5c2160d5c1e996788a663b_arm64",
        "relates_to_product_reference": "Red Hat OpenShift Service Mesh 2.6"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-58183",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2025-10-29T23:01:50.573951+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/grafana-rhel8@sha256:2c4053ff8e7a59e2d2ce6cc336cd273c74587e8f73dc88a4f870dbfa9c281468_arm64",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/grafana-rhel8@sha256:3496b46b67f9252e0b8098c9bd881e82310d93b8f2cefcf6c72eb7aa248ce84d_ppc64le",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/grafana-rhel8@sha256:a01603277974458ba19dc26bdafd9d054caec685221b1ad05f94de820181ea3f_amd64",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/grafana-rhel8@sha256:ff8422fa1b39e5df9664a509ef542ac1e7e827236c7515cd9bb76e7c0a568d7f_s390x",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-operator-bundle@sha256:0676c01437a80b84a7b177bfb0fc39e8d555c0682aaaf329db3d7948eb95c86c_amd64",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-rhel8-operator@sha256:25d2342add35718131b35c05224e1d0612574efd252a10c32a39730a6e08772e_arm64",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-rhel8-operator@sha256:2602088775bc0137d42b887d6f62e841b5f75e7a67ccff34c6fac37e73c46016_amd64",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-rhel8-operator@sha256:335f6264af687828def16100d1ed6ff49b6dc49db15f7e65da9f117eb6f6aad7_s390x",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-rhel8-operator@sha256:f5e863158ed07353ed7f373452d4046487823e9ab3feab0f7375481ee130b561_ppc64le",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/ratelimit-rhel8@sha256:450edfc59d33b4b86fad1caaf2dea72333de0ea1c590df487bbac6558d1bd15e_amd64",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/ratelimit-rhel8@sha256:478d3ddbefce1f4a5f6ed7ab38db87e589cc37583d19a3b8bf2aba89a1ea1543_s390x",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/ratelimit-rhel8@sha256:5bfcc8136345c9bbc43e626a627f1936b576249443e1b603a11e32658fa94ebe_ppc64le",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/ratelimit-rhel8@sha256:a5e6ebc462d6eeabcc7af4e4c64d79782607bc588b5c2160d5c1e996788a663b_arm64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2407258"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go program to try to allocate a large amount of memory, causing an out-of-memory condition and resulting in a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "To exploit this issue, an attacker needs to be able to process a specially crafted GNU tar pax 1.0 archive with the application using the archive/tar package. Additionally, this issue can cause the Go application to allocate a large amount of memory, eventually leading to an out-of-memory condition and resulting in a denial of service with no other security impact. Due to these reasons, this flaw has been rated with a moderate severity.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-cni-rhel8@sha256:3163d29ce62ebb1e431621b80f1705a0ffb5fcc94bed4359fa55249e73b073c3_arm64",
          "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-cni-rhel8@sha256:49544a11bb1cfa5a5f134a25c3721f7adbd4535a598790786d0a6de7daca07f0_ppc64le",
          "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-cni-rhel8@sha256:9055817f1ad1c47a4e63743008fd83e7c39f447cad3098ca2c98f65dc039ee05_amd64",
          "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-cni-rhel8@sha256:a4124697d5320959bf3af490f5e0cd5129242f3a6b59a96e4ba8046aa4776910_s390x",
          "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/pilot-rhel8@sha256:2a3ef39ec8a730e03da51f2f251c21577cdc6308afd8fb07f95be613cd3da041_arm64",
          "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/pilot-rhel8@sha256:6ac6c7f1cc61becb2ef19ea4f39cee4706ec6c64df5b247ab1cc7fdef0ec303a_s390x",
          "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/pilot-rhel8@sha256:a615642c33a1e06061e8248facdef75e6c2bb9de66da0182b2e5649392939a2d_amd64",
          "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/pilot-rhel8@sha256:d4ae3a2e1ad5e11f0d520cc50e754ad5f4f14aea9b2f2d87cde30794b7dddbbf_ppc64le"
        ],
        "known_not_affected": [
          "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/grafana-rhel8@sha256:2c4053ff8e7a59e2d2ce6cc336cd273c74587e8f73dc88a4f870dbfa9c281468_arm64",
          "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/grafana-rhel8@sha256:3496b46b67f9252e0b8098c9bd881e82310d93b8f2cefcf6c72eb7aa248ce84d_ppc64le",
          "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/grafana-rhel8@sha256:a01603277974458ba19dc26bdafd9d054caec685221b1ad05f94de820181ea3f_amd64",
          "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/grafana-rhel8@sha256:ff8422fa1b39e5df9664a509ef542ac1e7e827236c7515cd9bb76e7c0a568d7f_s390x",
          "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-operator-bundle@sha256:0676c01437a80b84a7b177bfb0fc39e8d555c0682aaaf329db3d7948eb95c86c_amd64",
          "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-rhel8-operator@sha256:25d2342add35718131b35c05224e1d0612574efd252a10c32a39730a6e08772e_arm64",
          "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-rhel8-operator@sha256:2602088775bc0137d42b887d6f62e841b5f75e7a67ccff34c6fac37e73c46016_amd64",
          "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-rhel8-operator@sha256:335f6264af687828def16100d1ed6ff49b6dc49db15f7e65da9f117eb6f6aad7_s390x",
          "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-rhel8-operator@sha256:f5e863158ed07353ed7f373452d4046487823e9ab3feab0f7375481ee130b561_ppc64le",
          "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/ratelimit-rhel8@sha256:450edfc59d33b4b86fad1caaf2dea72333de0ea1c590df487bbac6558d1bd15e_amd64",
          "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/ratelimit-rhel8@sha256:478d3ddbefce1f4a5f6ed7ab38db87e589cc37583d19a3b8bf2aba89a1ea1543_s390x",
          "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/ratelimit-rhel8@sha256:5bfcc8136345c9bbc43e626a627f1936b576249443e1b603a11e32658fa94ebe_ppc64le",
          "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/ratelimit-rhel8@sha256:a5e6ebc462d6eeabcc7af4e4c64d79782607bc588b5c2160d5c1e996788a663b_arm64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-58183"
        },
        {
          "category": "external",
          "summary": "RHBZ#2407258",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407258"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-58183",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-58183"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58183",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58183"
        },
        {
          "category": "external",
          "summary": "https://go.dev/cl/709861",
          "url": "https://go.dev/cl/709861"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/75677",
          "url": "https://go.dev/issue/75677"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI",
          "url": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI"
        },
        {
          "category": "external",
          "summary": "https://pkg.go.dev/vuln/GO-2025-4014",
          "url": "https://pkg.go.dev/vuln/GO-2025-4014"
        }
      ],
      "release_date": "2025-10-29T22:10:14.376000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-01-13T20:48:49+00:00",
          "details": "See Red Hat OpenShift Service Mesh 2.6.12 documentation at https://docs.redhat.com/en/documentation/openshift_container_platform/4.19/html/service_mesh/service-mesh-2-x",
          "product_ids": [
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-cni-rhel8@sha256:3163d29ce62ebb1e431621b80f1705a0ffb5fcc94bed4359fa55249e73b073c3_arm64",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-cni-rhel8@sha256:49544a11bb1cfa5a5f134a25c3721f7adbd4535a598790786d0a6de7daca07f0_ppc64le",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-cni-rhel8@sha256:9055817f1ad1c47a4e63743008fd83e7c39f447cad3098ca2c98f65dc039ee05_amd64",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-cni-rhel8@sha256:a4124697d5320959bf3af490f5e0cd5129242f3a6b59a96e4ba8046aa4776910_s390x",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/pilot-rhel8@sha256:2a3ef39ec8a730e03da51f2f251c21577cdc6308afd8fb07f95be613cd3da041_arm64",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/pilot-rhel8@sha256:6ac6c7f1cc61becb2ef19ea4f39cee4706ec6c64df5b247ab1cc7fdef0ec303a_s390x",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/pilot-rhel8@sha256:a615642c33a1e06061e8248facdef75e6c2bb9de66da0182b2e5649392939a2d_amd64",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/pilot-rhel8@sha256:d4ae3a2e1ad5e11f0d520cc50e754ad5f4f14aea9b2f2d87cde30794b7dddbbf_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:0530"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/grafana-rhel8@sha256:2c4053ff8e7a59e2d2ce6cc336cd273c74587e8f73dc88a4f870dbfa9c281468_arm64",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/grafana-rhel8@sha256:3496b46b67f9252e0b8098c9bd881e82310d93b8f2cefcf6c72eb7aa248ce84d_ppc64le",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/grafana-rhel8@sha256:a01603277974458ba19dc26bdafd9d054caec685221b1ad05f94de820181ea3f_amd64",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/grafana-rhel8@sha256:ff8422fa1b39e5df9664a509ef542ac1e7e827236c7515cd9bb76e7c0a568d7f_s390x",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-cni-rhel8@sha256:3163d29ce62ebb1e431621b80f1705a0ffb5fcc94bed4359fa55249e73b073c3_arm64",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-cni-rhel8@sha256:49544a11bb1cfa5a5f134a25c3721f7adbd4535a598790786d0a6de7daca07f0_ppc64le",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-cni-rhel8@sha256:9055817f1ad1c47a4e63743008fd83e7c39f447cad3098ca2c98f65dc039ee05_amd64",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-cni-rhel8@sha256:a4124697d5320959bf3af490f5e0cd5129242f3a6b59a96e4ba8046aa4776910_s390x",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-operator-bundle@sha256:0676c01437a80b84a7b177bfb0fc39e8d555c0682aaaf329db3d7948eb95c86c_amd64",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-rhel8-operator@sha256:25d2342add35718131b35c05224e1d0612574efd252a10c32a39730a6e08772e_arm64",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-rhel8-operator@sha256:2602088775bc0137d42b887d6f62e841b5f75e7a67ccff34c6fac37e73c46016_amd64",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-rhel8-operator@sha256:335f6264af687828def16100d1ed6ff49b6dc49db15f7e65da9f117eb6f6aad7_s390x",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-rhel8-operator@sha256:f5e863158ed07353ed7f373452d4046487823e9ab3feab0f7375481ee130b561_ppc64le",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/pilot-rhel8@sha256:2a3ef39ec8a730e03da51f2f251c21577cdc6308afd8fb07f95be613cd3da041_arm64",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/pilot-rhel8@sha256:6ac6c7f1cc61becb2ef19ea4f39cee4706ec6c64df5b247ab1cc7fdef0ec303a_s390x",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/pilot-rhel8@sha256:a615642c33a1e06061e8248facdef75e6c2bb9de66da0182b2e5649392939a2d_amd64",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/pilot-rhel8@sha256:d4ae3a2e1ad5e11f0d520cc50e754ad5f4f14aea9b2f2d87cde30794b7dddbbf_ppc64le",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/ratelimit-rhel8@sha256:450edfc59d33b4b86fad1caaf2dea72333de0ea1c590df487bbac6558d1bd15e_amd64",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/ratelimit-rhel8@sha256:478d3ddbefce1f4a5f6ed7ab38db87e589cc37583d19a3b8bf2aba89a1ea1543_s390x",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/ratelimit-rhel8@sha256:5bfcc8136345c9bbc43e626a627f1936b576249443e1b603a11e32658fa94ebe_ppc64le",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/ratelimit-rhel8@sha256:a5e6ebc462d6eeabcc7af4e4c64d79782607bc588b5c2160d5c1e996788a663b_arm64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/grafana-rhel8@sha256:2c4053ff8e7a59e2d2ce6cc336cd273c74587e8f73dc88a4f870dbfa9c281468_arm64",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/grafana-rhel8@sha256:3496b46b67f9252e0b8098c9bd881e82310d93b8f2cefcf6c72eb7aa248ce84d_ppc64le",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/grafana-rhel8@sha256:a01603277974458ba19dc26bdafd9d054caec685221b1ad05f94de820181ea3f_amd64",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/grafana-rhel8@sha256:ff8422fa1b39e5df9664a509ef542ac1e7e827236c7515cd9bb76e7c0a568d7f_s390x",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-cni-rhel8@sha256:3163d29ce62ebb1e431621b80f1705a0ffb5fcc94bed4359fa55249e73b073c3_arm64",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-cni-rhel8@sha256:49544a11bb1cfa5a5f134a25c3721f7adbd4535a598790786d0a6de7daca07f0_ppc64le",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-cni-rhel8@sha256:9055817f1ad1c47a4e63743008fd83e7c39f447cad3098ca2c98f65dc039ee05_amd64",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-cni-rhel8@sha256:a4124697d5320959bf3af490f5e0cd5129242f3a6b59a96e4ba8046aa4776910_s390x",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-operator-bundle@sha256:0676c01437a80b84a7b177bfb0fc39e8d555c0682aaaf329db3d7948eb95c86c_amd64",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-rhel8-operator@sha256:25d2342add35718131b35c05224e1d0612574efd252a10c32a39730a6e08772e_arm64",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-rhel8-operator@sha256:2602088775bc0137d42b887d6f62e841b5f75e7a67ccff34c6fac37e73c46016_amd64",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-rhel8-operator@sha256:335f6264af687828def16100d1ed6ff49b6dc49db15f7e65da9f117eb6f6aad7_s390x",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-rhel8-operator@sha256:f5e863158ed07353ed7f373452d4046487823e9ab3feab0f7375481ee130b561_ppc64le",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/pilot-rhel8@sha256:2a3ef39ec8a730e03da51f2f251c21577cdc6308afd8fb07f95be613cd3da041_arm64",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/pilot-rhel8@sha256:6ac6c7f1cc61becb2ef19ea4f39cee4706ec6c64df5b247ab1cc7fdef0ec303a_s390x",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/pilot-rhel8@sha256:a615642c33a1e06061e8248facdef75e6c2bb9de66da0182b2e5649392939a2d_amd64",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/pilot-rhel8@sha256:d4ae3a2e1ad5e11f0d520cc50e754ad5f4f14aea9b2f2d87cde30794b7dddbbf_ppc64le",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/ratelimit-rhel8@sha256:450edfc59d33b4b86fad1caaf2dea72333de0ea1c590df487bbac6558d1bd15e_amd64",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/ratelimit-rhel8@sha256:478d3ddbefce1f4a5f6ed7ab38db87e589cc37583d19a3b8bf2aba89a1ea1543_s390x",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/ratelimit-rhel8@sha256:5bfcc8136345c9bbc43e626a627f1936b576249443e1b603a11e32658fa94ebe_ppc64le",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/ratelimit-rhel8@sha256:a5e6ebc462d6eeabcc7af4e4c64d79782607bc588b5c2160d5c1e996788a663b_arm64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map"
    }
  ]
}

