CVE-2026-32288: CWE-400: Uncontrolled Resource Consumption in Go standard library archive/tar
tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of sparse regions encoded in the "old GNU sparse map" format.
AI Analysis
Technical Summary
The Go standard library archive/tar package contains a vulnerability (CVE-2026-32288) classified as CWE-400 (Uncontrolled Resource Consumption). Specifically, the tar.Reader component can allocate excessive memory when reading archives that contain a large number of sparse regions encoded using the old GNU sparse map format. This can cause the application to consume unbounded memory, potentially leading to denial of service conditions. The issue affects Go versions up to 1.26.0-0. No CVSS score or vendor advisory patch information is currently available.
Potential Impact
An attacker can craft a malicious tar archive that triggers excessive memory allocation during extraction, potentially causing the application or system to become unresponsive or crash due to resource exhaustion. This can result in denial of service but does not indicate direct code execution or data corruption based on the available information.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, users should avoid processing untrusted tar archives containing old GNU sparse map format sparse regions. Monitoring vendor channels for updates is recommended.
CVE-2026-32288: CWE-400: Uncontrolled Resource Consumption in Go standard library archive/tar
Description
tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of sparse regions encoded in the "old GNU sparse map" format.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The Go standard library archive/tar package contains a vulnerability (CVE-2026-32288) classified as CWE-400 (Uncontrolled Resource Consumption). Specifically, the tar.Reader component can allocate excessive memory when reading archives that contain a large number of sparse regions encoded using the old GNU sparse map format. This can cause the application to consume unbounded memory, potentially leading to denial of service conditions. The issue affects Go versions up to 1.26.0-0. No CVSS score or vendor advisory patch information is currently available.
Potential Impact
An attacker can craft a malicious tar archive that triggers excessive memory allocation during extraction, potentially causing the application or system to become unresponsive or crash due to resource exhaustion. This can result in denial of service but does not indicate direct code execution or data corruption based on the available information.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, users should avoid processing untrusted tar archives containing old GNU sparse map format sparse regions. Monitoring vendor channels for updates is recommended.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- Go
- Date Reserved
- 2026-03-11T16:38:46.557Z
- Cvss Version
- null
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69d5da2d43e2781badfbe696
Added to database: 4/8/2026, 4:31:41 AM
Last enriched: 4/8/2026, 4:46:56 AM
Last updated: 4/8/2026, 6:23:32 AM
Views: 3
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.