CVE-2025-11579

github.com/nwaples/rardecode versions <=2.1.1 fail to restrict the dictionary size when reading large RAR dictionary sizes, which allows an attacker to provide a specially crafted RAR file and cause Denial of Service via an Out Of Memory Crash.

Published Oct 11, 2025

https://github.com/advisories/GHSA-rwvp-r38j-9rgg

CVSS ScoreMedium

6.5

Ecosystem	Package	Version

Ecosystem	Package	Version

Vulnerabilities

CVE-2025-11579

github.com/nwaples/rardecode versions <=2.1.1 fail to restrict the dictionary size when reading large RAR dictionary sizes, which allows an attacker to provide a specially crafted RAR file and cause Denial of Service via an Out Of Memory Crash.

Published Oct 11, 2025

https://github.com/advisories/GHSA-rwvp-r38j-9rgg

CVSS ScoreMedium

6.5


golang	github.com/nwaples/rardecode/v2	v2.0.0-beta.1
golang	github.com/nwaples/rardecode/v2	v2.0.0-beta.2
golang	github.com/nwaples/rardecode/v2	v2.0.0-beta.3
golang	github.com/nwaples/rardecode/v2	v2.0.0-beta.4.0.20241112120701-034e449c6e78
golang	github.com/nwaples/rardecode/v2	v2.0.0-beta.4
golang	github.com/nwaples/rardecode/v2	v2.0.0
golang	github.com/nwaples/rardecode/v2	v2.0.1
golang	github.com/nwaples/rardecode/v2	v2.1.0
golang	github.com/nwaples/rardecode/v2	v2.1.1

Ecosystem	Package	Version


golang	github.com/nwaples/rardecode/v2	v2.0.0-beta.1
golang	github.com/nwaples/rardecode/v2	v2.0.0-beta.2
golang	github.com/nwaples/rardecode/v2	v2.0.0-beta.3
golang	github.com/nwaples/rardecode/v2	v2.0.0-beta.4.0.20241112120701-034e449c6e78
golang	github.com/nwaples/rardecode/v2	v2.0.0-beta.4
golang	github.com/nwaples/rardecode/v2	v2.0.0
golang	github.com/nwaples/rardecode/v2	v2.0.1
golang	github.com/nwaples/rardecode/v2	v2.1.0
golang	github.com/nwaples/rardecode/v2	v2.1.1

Find vulnerabilities. Fix fast with AI.

CVE-2025-11579

CVE-2025-11579