Lucene search

GoogleOSV:GO-2024-3116

HistorySep 06, 2024 - 8:43 p.m.

sigstore-go has an unbounded loop over untrusted input can lead to endless data attack in github.com/sigstore/sigstore-go

2024-09-0620:43:50

Google

osv.dev

sigstore-go unbounded loop untrusted input endless data attack github.com/sigstore/sigstore-go software

CVSS3

3.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L

AI Score

6.7

Confidence

Low

JSON

sigstore-go has an unbounded loop over untrusted input can lead to endless data attack in github.com/sigstore/sigstore-go

References

github.com/sigstore/sigstore-go/blob/725e508ed4933e6f5b5206e32af4bbe76f587b54/pkg/verify/signature.go#L183-L193

github.com/sigstore/sigstore-go/blob/725e508ed4933e6f5b5206e32af4bbe76f587b54/pkg/verify/tlog.go#L74-L178

github.com/sigstore/sigstore-go/blob/725e508ed4933e6f5b5206e32af4bbe76f587b54/pkg/verify/tsa.go#L59-L68

github.com/sigstore/sigstore-go/commit/01e70e89e58226286d7977b4dba43b6be472b12c

github.com/sigstore/sigstore-go/security/advisories/GHSA-cq38-jh5f-37mq

nvd.nist.gov/vuln/detail/CVE-2024-45395

CVSS3

3.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L

AI Score

6.7

Confidence

Low

JSON

Related for OSV:GO-2024-3116