Affected by GO-2025-3781
and 20 other vulnerabilities
GO-2025-3781 : Incus Allocation of Resources Without Limits allows firewall rule bypass on managed bridge networks in github.com/lxc/incus
GO-2025-3782 : Incus creates nftables rules that partially bypass security options in github.com/lxc/incus
GO-2025-4115 : Incus vulnerable to local privilege escalation through custom storage volumes in github.com/lxc/incus
GO-2026-4357 : Incus container image templating arbitrary host file read and write in github.com/lxc/incus
GO-2026-4359 : Incus container environment configuration newline injection in github.com/lxc/incus
GO-2026-4879 : Local Incus UI web server vulnerable to nuthentication bypass in github.com/lxc/incus
GO-2026-4881 : Incus vulnerable to arbitrary file read and write through pongo templates in github.com/lxc/incus
GO-2026-4882 : Incus does not verify combined fingerprint when downloading images from simplestreams servers in github.com/lxc/incus
GO-2026-4884 : Incus has an abitrary file write through its systemd-creds options in github.com/lxc/incus
GO-2026-4885 : Incus vulnerable to local privilege escalation through VM screenshot path in github.com/lxc/incus
GO-2026-4886 : Incus vulnerable to denial of source through crafted bucket backup file in github.com/lxc/incus
GO-2026-5127 : Incus Vulnerable to Panic via Snapshot Bounds Check in github.com/lxc/incus
GO-2026-5168 : Incus has Unbounded YAML Metadata Decode via Parsing in github.com/lxc/incus
GO-2026-5252 : Incus has a Nil-Pointer Dereference Panic via Instance Backup Import (volume omitted) in github.com/lxc/incus
GO-2026-5254 : Incus has Blind SSRF via Image Import Preflight HEAD in github.com/lxc/incus
GO-2026-5280 : Incus is affected by unbounded binary import disk exhaustion in github.com/lxc/incus
GO-2026-5319 : Incus has an OVN TLS Verification that Accepts Peer-Supplied Roots in github.com/lxc/incus
GO-2026-5384 : Incus has Nil-Pointer Dereference via S3 Bucket Import in github.com/lxc/incus
GO-2026-5397 : Incus has a Nil-Pointer Dereference Panic via Bucket Metadata in github.com/lxc/incus
GO-2026-5612 : Incus has a Nil-Pointer Dereference via Custom Volume Import in github.com/lxc/incus
GO-2026-5742 : Incus has Nil Dereferences on Restore via Malformed YAML in github.com/lxc/incus
The highest tagged major version is
v7 .
Discover Packages
github.com/lxc/incus
shared
archive
package
Version:
v0.7.0
Opens a new window with list of versions in this module.
Published: Mar 26, 2024
License: Apache-2.0
Opens a new window with license information.
Imports: 12
Opens a new window with list of imports.
Imported by: 1
Opens a new window with list of known importers.
Jump to ...
Documentation
Index
Constants
Variables
Functions
CompressedTarReader(ctx, r, unpacker, outputPath)
DetectCompression(fname)
DetectCompressionFile(f)
ExtractWithFds(cmdName, args, allowedCmds, stdin, output)
Unpack(file, path, blockBackend, maxMemory, tracker)
Types
Source Files
Documentation
Documentation
¶
Rendered for
linux/amd64
windows/amd64
darwin/amd64
js/wasm
Variables
func CompressedTarReader(ctx context.Context, r io.ReadSeeker, unpacker []string, outputPath string) (*tar.Reader, context.CancelFunc, error)
func DetectCompression(fname string) ([]string, string, []string, error)
func DetectCompressionFile(f io.Reader) ([]string, string, []string, error)
func ExtractWithFds(cmdName string, args []string, allowedCmds []string, stdin io.ReadCloser, ...) error
func Unpack(file string, path string, blockBackend bool, maxMemory int64, ...) error
RunWrapper is an optional function that's used to wrap rsync, useful for confinement like AppArmor.
CompressedTarReader returns a tar reader from the supplied (optionally compressed) tarball stream.
The unpacker arguments are those returned by DetectCompressionFile().
The returned cancelFunc should be called when finished with reader to clean up any resources used.
This can be done before reading to the end of the tarball if desired.
This uses RunWrapper if set.
DetectCompression detects compression from a file name.
DetectCompressionFile detects the compression type of a file and returns the tar arguments needed
to unpack the file, compression type (in the form of a file extension), and the command needed
to decompress the file to an uncompressed tarball.
ExtractWithFds runs extractor process under specifc AppArmor profile.
The allowedCmds argument specify commands which are allowed to run by apparmor.
The cmd argument is automatically added to allowedCmds slice.
This uses RunWrapper if set.
Unpack extracts image from archive.
Source Files
¶
Click to show internal directories.
Click to hide internal directories.