Ignore GO-2025-4014

author: Markus Pettersson <markus.pettersson@mullvad.net> 2025-10-30 10:01:07 +0100
committer: Markus Pettersson <markus.pettersson@mullvad.net> 2025-10-30 15:07:32 +0100
commit: 0192c04622c3f4807d1ef871cf8c02f46fd01f8f (patch)
tree: 073bb71efd62e617fdd09e1a13e7d26ec9e6f516
parent: 0cb9e6f90867f15a2e628fc3737849efe7bf6ed2 (diff)
download: mullvadvpn-0192c04622c3f4807d1ef871cf8c02f46fd01f8f.tar.xz
mullvadvpn-0192c04622c3f4807d1ef871cf8c02f46fd01f8f.zip
1 files changed, 6 insertions, 0 deletions
diff --git a/wireguard-go-rs/libwg/osv-scanner.toml b/wireguard-go-rs/libwg/osv-scanner.toml
index dfc9ede9bc..638008e24b 100644
--- a/wireguard-go-rs/libwg/osv-scanner.toml
+++ b/wireguard-go-rs/libwg/osv-scanner.toml
@@ -150,3 +150,9 @@ reason = "wireguard-go does not use net/http"
 id = "CVE-2025-58188" # GO-2025-4013
 ignoreUntil = 2026-10-30
 reason = "'This affects programs which validate arbitrary certificate chains.' wireguard-go does not do that"
+
+# Unbounded allocation when parsing GNU sparse map (archive/tar)
+[[IgnoredVulns]]
+id = "CVE-2025-58183" # GO-2025-4014
+ignoreUntil = 2026-10-30
+reason = "wireguard-go does not use archive/tar"
author	Markus Pettersson <markus.pettersson@mullvad.net>	2025-10-30 10:01:07 +0100
committer	Markus Pettersson <markus.pettersson@mullvad.net>	2025-10-30 15:07:32 +0100
commit	0192c04622c3f4807d1ef871cf8c02f46fd01f8f (patch)
tree	073bb71efd62e617fdd09e1a13e7d26ec9e6f516
parent	0cb9e6f90867f15a2e628fc3737849efe7bf6ed2 (diff)
download	mullvadvpn-0192c04622c3f4807d1ef871cf8c02f46fd01f8f.tar.xz mullvadvpn-0192c04622c3f4807d1ef871cf8c02f46fd01f8f.zip