Red Hat Security Advisory: go-toolset:rhel8 security update
Red Hat has issued a moderate severity security advisory for the go-toolset module in Red Hat Enterprise Linux 8. 8. The update addresses two vulnerabilities: CVE-2025-47906, involving unexpected paths returned from the LookPath function in the os/exec package, and CVE-2025-58183, an unbounded allocation issue when parsing GNU sparse maps in the archive/tar package. These vulnerabilities affect the Go programming language tools and libraries provided by the go-toolset. No known exploits are reported in the wild. The advisory includes updated packages to remediate these issues.
AI Analysis
Technical Summary
This advisory covers two security fixes in the go-toolset for Red Hat Enterprise Linux 8.8. CVE-2025-47906 addresses a vulnerability in the os/exec package where LookPath may return unexpected paths, potentially leading to security concerns related to command execution. CVE-2025-58183 fixes an unbounded memory allocation vulnerability in the archive/tar package when parsing GNU sparse maps, which could cause resource exhaustion. Red Hat has released updated go-toolset packages containing these fixes. The advisory rates the impact as moderate and provides links to updated packages and instructions for applying the update.
Potential Impact
The vulnerabilities could lead to unexpected behavior in Go programs using the affected packages, potentially causing security issues such as improper command path resolution or excessive memory allocation. However, no known exploits are reported in the wild, and the overall impact is rated moderate by Red Hat Product Security.
Mitigation Recommendations
Red Hat has released updated go-toolset packages for Red Hat Enterprise Linux 8.8 that address these vulnerabilities. Users should apply the security update as described in the Red Hat advisory (https://access.redhat.com/articles/11258) to remediate these issues. Since official fixes are available, applying the update is the recommended mitigation. There is no indication that additional mitigations are required beyond installing the provided patches.
Red Hat Security Advisory: go-toolset:rhel8 security update
Description
Red Hat has issued a moderate severity security advisory for the go-toolset module in Red Hat Enterprise Linux 8. 8. The update addresses two vulnerabilities: CVE-2025-47906, involving unexpected paths returned from the LookPath function in the os/exec package, and CVE-2025-58183, an unbounded allocation issue when parsing GNU sparse maps in the archive/tar package. These vulnerabilities affect the Go programming language tools and libraries provided by the go-toolset. No known exploits are reported in the wild. The advisory includes updated packages to remediate these issues.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This advisory covers two security fixes in the go-toolset for Red Hat Enterprise Linux 8.8. CVE-2025-47906 addresses a vulnerability in the os/exec package where LookPath may return unexpected paths, potentially leading to security concerns related to command execution. CVE-2025-58183 fixes an unbounded memory allocation vulnerability in the archive/tar package when parsing GNU sparse maps, which could cause resource exhaustion. Red Hat has released updated go-toolset packages containing these fixes. The advisory rates the impact as moderate and provides links to updated packages and instructions for applying the update.
Potential Impact
The vulnerabilities could lead to unexpected behavior in Go programs using the affected packages, potentially causing security issues such as improper command path resolution or excessive memory allocation. However, no known exploits are reported in the wild, and the overall impact is rated moderate by Red Hat Product Security.
Mitigation Recommendations
Red Hat has released updated go-toolset packages for Red Hat Enterprise Linux 8.8 that address these vulnerabilities. Users should apply the security update as described in the Red Hat advisory (https://access.redhat.com/articles/11258) to remediate these issues. Since official fixes are available, applying the update is the recommended mitigation. There is no indication that additional mitigations are required beyond installing the provided patches.
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_security_advisory
- Csaf Version
- 2.0
- Publisher
- Red Hat Product Security
- Advisory Id
- RHSA-2025:23737
- Cve Count
- 2
- Additional Cves
- ["CVE-2025-58183"]
- Cvss Version
- null
Threat ID: 6a160974e29bf47b5063d57b
Added to database: 5/26/2026, 8:58:28 PM
Last enriched: 5/27/2026, 12:07:36 AM
Last updated: 5/27/2026, 5:01:06 AM
Views: 2
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.