CVE-2023-25656

notation-go is a collection of libraries for supporting Notation sign, verify, push, and pull of oci artifacts. Prior to version 1.0.0-rc.3, notation-go users will find their application using excessive memory when verifying signatures. The application will be killed, and thus availability is...

PT-2023-20216 · Unknown · Notation-Go

Name of the Vulnerable Software and Affected Versions: notation-go versions prior to 1.0.0-rc.3 Description: The issue causes excessive memory consumption when verifying signatures, leading to application crashes and impacting availability. Users can review their trust policy file for the identit...