
Libarchive tar reader can run out of memory with malicious archive

DEBIAN-CVE-2026-32288
Summary

Libarchive's tar reader can be exploited to consume an excessive amount of memory by processing a specially crafted archive. This can cause the program to crash or become unresponsive. To protect against this, ensure you are running the latest version of Libarchive.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software
Vendor   Product       Affected versions   Fix available
debian   golang-1.15   All versions
debian   golang-1.19   All versions
debian   golang-1.24   All versions
debian   golang-1.24   All versions
debian   golang-1.25   All versions
debian   golang-1.26   All versions
Original title
tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of sparse regions encoded in the "old GNU sparse map" format.
Original description
tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of sparse regions encoded in the "old GNU sparse map" format.
Published: 8 Apr 2026 · Updated: 8 Apr 2026 · First seen: 8 Apr 2026
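
The old GNU sparse map named in the description chains 512-byte extension blocks through an "isextended" flag, so the number of regions is controlled by the archive. As an added example (not code from Go, Debian or this advisory), the pre-scan below walks that chain for one entry, holding a single block in memory, and refuses a map that exceeds a cap before a copy of the stream is handed to tar.Reader. The function names and the 1024-slot limit are assumptions, and the sample input is constructed.

```go
package main

import (
	"bytes"
	"fmt"
	"io"
)

const ( // old GNU sparse layout inside 512-byte tar blocks
	blockSize          = 512
	typeflagOff        = 156   // typeflag 'S' marks an old GNU sparse entry
	hdrIsExtOff        = 482   // "isextended" flag in the main header
	extIsExtOff        = 504   // "isextended" flag in each extension block
	hdrSlots, extSlots = 4, 21 // sparse-map slots per header / extension block
)

// SparseSlots reads one entry header from r, follows its extension chain and
// returns the slots declared. maxSlots is a hypothetical policy limit.
func SparseSlots(r io.Reader, maxSlots int) (int, error) {
	buf := make([]byte, blockSize)
	// Short read (err set) or not an old GNU sparse entry (err nil): nothing to count.
	if _, err := io.ReadFull(r, buf); err != nil || buf[typeflagOff] != 'S' {
		return 0, err
	}
	slots := hdrSlots
	for off := hdrIsExtOff; buf[off] != 0; off = extIsExtOff {
		if slots += extSlots; slots > maxSlots { // refuse before reading further
			return slots, fmt.Errorf("old GNU sparse map declares over %d slots", maxSlots)
		}
		if _, err := io.ReadFull(r, buf); err != nil {
			return slots, fmt.Errorf("truncated sparse extension: %w", err)
		}
	}
	return slots, nil
}

// constructedEntry builds sample input: an 'S' header plus n >= 1 extension blocks.
func constructedEntry(n int) io.Reader {
	b := make([]byte, blockSize*(n+1))
	b[typeflagOff], b[hdrIsExtOff] = 'S', 1
	for i := 1; i < n; i++ { // every extension block but the last continues
		b[i*blockSize+extIsExtOff] = 1
	}
	return bytes.NewReader(b)
}

func main() {
	fmt.Println(SparseSlots(constructedEntry(3), 1024)) // 67 <nil>
}
```

The scan consumes the blocks it reads, so run it over a seekable or buffered copy and rewind before parsing.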