Lucene search
PRIOn knowledge basePRION:CVE-2023-25656HistoryFeb 20, 2023 - 4:15 p.m.
Design/Logic Flaw
2023-02-2016:15:00
PRIOn knowledge base
www.prio-n.com
4
notation-go
memory impact
signature verification
patched
trust policy
identity string
trust store
authenticity validation
nvd
0.001 Low
EPSS
Percentile
38.0%
notation-go is a collection of libraries for supporting Notation sign, verify, push, and pull of oci artifacts. Prior to version 1.0.0-rc.3, notation-go users will find their application using excessive memory when verifying signatures. The application will be killed, and thus availability is impacted. The problem has been patched in the release v1.0.0-rc.3. Some workarounds are available. Users can review their own trust policy file and check if the identity string contains =#. Meanwhile, users should only put trusted certificates in their trust stores referenced by their own trust policy files, and make sure the authenticity validation is set to enforce.
| CPE | Name | Operator | Version |
|---|---|---|---|
| notation-go | eq | 0.7.0 alpha1 | |
| notation-go | eq | 0.8.0 alpha1 | |
| notation-go | eq | 0.9.0 alpha1 |
Related
osv
osv
notation-go has excessive memory allocation on verification
2023-02-22 00:03:49
github
github
notation-go has excessive memory allocation on verification
2023-02-22 00:03:49
veracode
veracode
Denial Of Service (DoS)
2023-02-26 10:40:10
wolfi
wolfi
CVE-2023-25656 vulnerabilities
2024-07-02 03:09:22
cgr
cgr
CVE-2023-25656 vulnerabilities
2024-05-19 03:07:16
cvelist
cvelist
CVE-2023-25656 notation-go has excessive memory allocation on verification
2023-02-20 00:00:00
cve
cve
CVE-2023-25656
2023-02-20 16:15:10
nvd
nvd
CVE-2023-25656
2023-02-20 16:15:10