github.com/nwaples/rardecode versions <=2.1.1 fail to restrict the dictionary size when reading large RAR dictionary sizes, which allows an attacker to provide a specially crafted RAR file and cause Denial of Service via an Out Of Memory Crash.
History
16 Jan 2026, 20:56
| Type | Values Removed | Values Added |
|---|---|---|
| First Time | Nwaples; Nwaples rardecode | |
| References | () https://github.com/nwaples/rardecode/commit/52fb4e825c936636f251f7e7deded39ab11df9a9 - Patch | |
| CPE | cpe:2.3:a:nwaples:rardecode:*:*:*:*:*:go:*:* | |
02 Dec 2025, 10:16
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | CWE-789 | |
| References | | |
| CVSS | v2 : v3 : | v2 : unknown; v3 : 5.3 |
| Summary | (en) github.com/nwaples/rardecode versions <=2.1.1 fail to restrict the dictionary size when reading large RAR dictionary sizes, which allows an attacker to provide a specially crafted RAR file and cause Denial of Service via an Out Of Memory Crash. |
27 Nov 2025, 12:15
| Type | Values Removed | Values Added |
|---|---|---|
| Summary | (en) Mattermost versions 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail to validate the user permission when accessing the files and subscribing to the block in Boards, which allows an authenticated user to access other board files and was able to subscribe to the block from other boards that the user does not have access to | |
| CWE | CWE-306 | |
| CVSS | v2 : v3 : | v2 : unknown; v3 : 3.1 |
| References | | |
10 Oct 2025, 12:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE | | |
Information
Published : 2025-10-10 12:15
Updated : 2026-01-16 20:56
NVD link : CVE-2025-11579
Mitre link : CVE-2025-11579
CVE.ORG link : CVE-2025-11579
Products Affected
nwaples
- rardecode
CWE
CWE-789
Memory Allocation with Excessive Size Value
