EUVD-2025-201293
Fulcio allocates excessive memory during token parsing...
CVE-2025-66506
Fulcio is a free-to-use certificate authority for issuing code signing certificates for an OpenID Connect (OIDC) identity. Prior to 1.8.3, the function identity.extractIssuerURL splits its argument, which is untrusted data, on periods via a call to strings.Split. As a result, in the face of a malicious...
CVE-2025-66506
CVE-2025-66506 affects Fulcio prior to 1.8.3. The identity.extractIssuerURL function splits the untrusted OIDC identity token on periods, which can incur O(n) memory allocations when receiving tokens with many dots. This could lead to resource consumption under malicious input. The issue is fixed...
PT-2025-49168
Name of the Vulnerable Software and Affected Versions: Fulcio versions prior to 1.8.3
Description: Fulcio is a certificate authority for issuing code signing certificates for an OpenID Connect (OIDC) identity. The identity.extractIssuerURL function splits its input, which is untrusted data, on periods. ...