CVE & CISA-KEV Catalog

CVE-2025-58058

MEDIUM
5.3
CVSS v3
NVD

Description

xz is a pure golang package for reading and writing xz-compressed files. Prior to version 0.5.14, it is possible to put data in front of an LZMA-encoded byte stream without detecting the situation while reading the header. This can lead to increased memory consumption because the current implementation allocates the full decoding buffer directly after reading the header. The LZMA header doesn't include a magic number or has a checksum to detect such an issue according to the specification. Note that the code recognizes the issue later while reading the stream, but at this time the memory allocation has already been done. This issue has been patched in version 0.5.14.

How to fix

Remediation Available
golang-github-ulikunitz-xzDebian
Fixed in:0.5.15-1CVE-2025-58058
registry.redhat.io/multicluster-engine/assistedRed Hat / RHEL
Fixed in:installer-rhel9@sha256:a382b267318a49d9dc29d704afb41f188edc15021d267d402203fcd10722dd5f_arm64RHSA-2026:26254
Fixed in:installer-rhel9@sha256:458a6eaf23dc717f6988c94556bbbc224dcd2bbaa7573aed6fa820086f9523fe_s390xRHSA-2026:26254
Fixed in:installer-rhel9@sha256:ba3b4da8d399b387de1047cd7952224d0032c3748d12928a9b7eda776df8a38a_ppc64leRHSA-2026:26254
Fixed in:installer-rhel9@sha256:d301ef6d274f4127b4eaf7ae78d2dd8af51aeebf999dd8624d20cbf0ba05864b_amd64RHSA-2026:26254
registry.redhat.io/multicluster-engine/assistedRocky
Fixed in:installer-rhel9@sha256:a382b267318a49d9dc29d704afb41f188edc15021d267d402203fcd10722dd5f_arm64RHSA-2026:26254
Fixed in:installer-rhel9@sha256:d301ef6d274f4127b4eaf7ae78d2dd8af51aeebf999dd8624d20cbf0ba05864b_amd64RHSA-2026:26254
Fixed in:installer-rhel9@sha256:458a6eaf23dc717f6988c94556bbbc224dcd2bbaa7573aed6fa820086f9523fe_s390xRHSA-2026:26254
Fixed in:installer-rhel9@sha256:ba3b4da8d399b387de1047cd7952224d0032c3748d12928a9b7eda776df8a38a_ppc64leRHSA-2026:26254
registry.redhat.io/multicluster-engine/assisted-imageRed Hat / RHEL
Fixed in:service-rhel9@sha256:bc2f8ee10452ea3e4841fb5c9acffbb820c53b329527c8580afccedb2a4bf37e_ppc64leRHSA-2026:26254
Fixed in:service-rhel9@sha256:5afcb0cd2a9c693cec0839deed6435c69abb50a4a50e5e55a69d3f553806bbd1_arm64RHSA-2026:26254
Fixed in:service-rhel9@sha256:e9e0e699e9e9acf9645f1e38f71d08ba1711066c16d10f1b6475439c7661dcae_s390xRHSA-2026:26254
Fixed in:service-rhel9@sha256:6c5c5c4686bfc5cc9bbef1fcd990ee72af1080796cb0849ad006b6673a05859b_amd64RHSA-2026:26254
registry.redhat.io/multicluster-engine/assisted-imageRocky
Fixed in:service-rhel9@sha256:5afcb0cd2a9c693cec0839deed6435c69abb50a4a50e5e55a69d3f553806bbd1_arm64RHSA-2026:26254
Fixed in:service-rhel9@sha256:e9e0e699e9e9acf9645f1e38f71d08ba1711066c16d10f1b6475439c7661dcae_s390xRHSA-2026:26254
Fixed in:service-rhel9@sha256:bc2f8ee10452ea3e4841fb5c9acffbb820c53b329527c8580afccedb2a4bf37e_ppc64leRHSA-2026:26254
Fixed in:service-rhel9@sha256:6c5c5c4686bfc5cc9bbef1fcd990ee72af1080796cb0849ad006b6673a05859b_amd64RHSA-2026:26254
registry.redhat.io/multicluster-engine/assisted-installerRocky
Fixed in:controller-rhel9@sha256:1aef2fa08a49510813e8cc149cc737c09570c4c94d4441e846d0abdbd97b434f_amd64RHSA-2026:26254
Fixed in:agent-rhel9@sha256:8bf11dabddf6d4784f1c397d300d953ffd762ef3db8b823971577fbef032a15b_ppc64leRHSA-2026:26254
Fixed in:controller-rhel9@sha256:dfcd7d76bfa892b6be2c2abd99f13bd7e58d2ca82ea99bf2443cec9b888fd918_ppc64leRHSA-2026:26254
Fixed in:agent-rhel9@sha256:d040d471b0b65a4be2d71e519cdf05d9040865a0889960335709d7f10b504e59_amd64RHSA-2026:26254
Fixed in:agent-rhel9@sha256:c34bb03b1038bbed1e6f47c2105703ae2214c772467ac2cea733cf6b2bd5572f_arm64RHSA-2026:26254
Fixed in:controller-rhel9@sha256:f3379b9e6c08cd00abcf7be97308b7ff2354697407a026d5f08e942b47ca7e08_arm64RHSA-2026:26254
Fixed in:agent-rhel9@sha256:2b436e18e98a63c98ccd5aa4e5315a4e8d7f9c6f0d1ba7ce36cf1f445ba6b213_s390xRHSA-2026:26254
Fixed in:controller-rhel9@sha256:b94a3f3ad45af3d4dd10498d5e6906947c72adc1361e50bda9482ba954e6567b_s390xRHSA-2026:26254
registry.redhat.io/multicluster-engine/assisted-installerRed Hat / RHEL
Fixed in:agent-rhel9@sha256:8bf11dabddf6d4784f1c397d300d953ffd762ef3db8b823971577fbef032a15b_ppc64leRHSA-2026:26254
Fixed in:controller-rhel9@sha256:dfcd7d76bfa892b6be2c2abd99f13bd7e58d2ca82ea99bf2443cec9b888fd918_ppc64leRHSA-2026:26254
Fixed in:agent-rhel9@sha256:d040d471b0b65a4be2d71e519cdf05d9040865a0889960335709d7f10b504e59_amd64RHSA-2026:26254
Fixed in:controller-rhel9@sha256:1aef2fa08a49510813e8cc149cc737c09570c4c94d4441e846d0abdbd97b434f_amd64RHSA-2026:26254
Fixed in:agent-rhel9@sha256:c34bb03b1038bbed1e6f47c2105703ae2214c772467ac2cea733cf6b2bd5572f_arm64RHSA-2026:26254
Fixed in:controller-rhel9@sha256:f3379b9e6c08cd00abcf7be97308b7ff2354697407a026d5f08e942b47ca7e08_arm64RHSA-2026:26254
Fixed in:agent-rhel9@sha256:2b436e18e98a63c98ccd5aa4e5315a4e8d7f9c6f0d1ba7ce36cf1f445ba6b213_s390xRHSA-2026:26254
Fixed in:controller-rhel9@sha256:b94a3f3ad45af3d4dd10498d5e6906947c72adc1361e50bda9482ba954e6567b_s390xRHSA-2026:26254
registry.redhat.io/multicluster-engine/assisted-serviceRocky
Fixed in:8-rhel8@sha256:78857cf0c460c7639b30bcee92cff7e5e2c8d0423e42522267c4d9ace96ad1b9_s390xRHSA-2026:26257
Fixed in:8-rhel8@sha256:2c6a0275687920af7a4852828689429b54fc89f5f6d457fc5b00e6300bef47ff_ppc64leRHSA-2026:26257
Fixed in:9-rhel9@sha256:228e5cefc1e32500a2b244ebeaa4b700efed644c5e266a6b3d139e23a6d1113d_amd64RHSA-2026:26254
Fixed in:8-rhel8@sha256:aa1b61f73bdfc1b60d1fa100e2b060eca0ef578c69a681f7603b49d81fc273ce_arm64RHSA-2026:26257
Fixed in:8-rhel8@sha256:96d38a23205177fb651c7eac72711143cdbc847d29d26d60e1b364e3dd969f25_amd64RHSA-2026:26257
Fixed in:9-rhel9@sha256:a11d75aec4913b0643f7e74d4138c9cfa19b6ab4c6280519948de935873b4570_s390xRHSA-2026:26254
Fixed in:9-rhel9@sha256:bd04b7cfba87314171b1ce6113b0cc37b386a4bf30ae2f9020011ce002c6e933_arm64RHSA-2026:26254
Fixed in:9-rhel9@sha256:2b9e8ab86b77035917aaa673ecc311a0fe0be0687c65a3e000b9e3dfe3e02bb7_ppc64leRHSA-2026:26254
registry.redhat.io/multicluster-engine/assisted-serviceRed Hat / RHEL
Fixed in:8-rhel8@sha256:2c6a0275687920af7a4852828689429b54fc89f5f6d457fc5b00e6300bef47ff_ppc64leRHSA-2026:26257
Fixed in:8-rhel8@sha256:96d38a23205177fb651c7eac72711143cdbc847d29d26d60e1b364e3dd969f25_amd64RHSA-2026:26257
Fixed in:9-rhel9@sha256:bd04b7cfba87314171b1ce6113b0cc37b386a4bf30ae2f9020011ce002c6e933_arm64RHSA-2026:26254
Fixed in:8-rhel8@sha256:aa1b61f73bdfc1b60d1fa100e2b060eca0ef578c69a681f7603b49d81fc273ce_arm64RHSA-2026:26257
Fixed in:9-rhel9@sha256:a11d75aec4913b0643f7e74d4138c9cfa19b6ab4c6280519948de935873b4570_s390xRHSA-2026:26254
Fixed in:9-rhel9@sha256:228e5cefc1e32500a2b244ebeaa4b700efed644c5e266a6b3d139e23a6d1113d_amd64RHSA-2026:26254
Fixed in:9-rhel9@sha256:2b9e8ab86b77035917aaa673ecc311a0fe0be0687c65a3e000b9e3dfe3e02bb7_ppc64leRHSA-2026:26254
Fixed in:8-rhel8@sha256:78857cf0c460c7639b30bcee92cff7e5e2c8d0423e42522267c4d9ace96ad1b9_s390xRHSA-2026:26257

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredNone
User InteractionNone
ScopeUnchanged

Impact

ConfidentialityNone
IntegrityNone
AvailabilityLow

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Exploit Intelligence

0.39%probability of exploitation in 30 days
30thpercentile

Low risk: more likely to be exploited than 30% of all known CVEs.

References

Other references2

Related Vulnerabilities

Other CWE-770 (Allocation of Resources Without Limits or Throttling) vulnerabilities, ordered by exploit likelihood. View all

CVESeverityCVSSEPSSExploitedFix
CVE-2023-50387High7.5100%-Fix
CVE-2019-11478Medium5.395%-Fix
CVE-2019-11479High7.592%-Fix
CVE-2024-27316High7.591%-Fix
CVE-2022-30522High7.590%-Fix
CVE-2019-9515High7.588%-Fix
Embed a live status badge for CVE-2025-58058
CVE-2025-58058 severity badge

Markdown

[![CVE-2025-58058](https://tridentstack.com/cve/badge/CVE-2025-58058.svg)](https://tridentstack.com/cve/CVE-2025-58058)

HTML

<a href="https://tridentstack.com/cve/CVE-2025-58058"><img src="https://tridentstack.com/cve/badge/CVE-2025-58058.svg" alt="CVE-2025-58058"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2025-08-29.