
5 matches found

EUVD
added 2025/12/05 6:18 p.m., 4 views

EUVD-2025-201293

Fulcio allocates excessive memory during token parsing...

CVSS 7.5, AI score 6.4, EPSS 0.00191
Exploits: 0, References: 3

NVD
added 2025/12/04 10:15 p.m., 4 views

CVE-2025-66506

Fulcio is a free-to-use certificate authority for issuing code signing certificates for an OpenID Connect (OIDC) identity. Prior to 1.8.3, the function identity.extractIssuerURL splits its argument, which is untrusted data, on periods via a call to strings.Split. As a result, in the face of a malicious...

CVSS 7.5, EPSS 0.00191
Exploits: 0, References: 2

Vulnrichment
added 2025/12/04 10:4 p.m., 2 views

CVE-2025-66506 Fulcio allocates excessive memory during token parsing

Fulcio is a free-to-use certificate authority for issuing code signing certificates for an OpenID Connect (OIDC) identity. Prior to 1.8.3, the function identity.extractIssuerURL splits its argument, which is untrusted data, on periods via a call to strings.Split. As a result, in the face of a malicious...

CVSS 7.5, AI score 6.6, EPSS 0.00191
Exploits: 0, References: 2

CVE
added 2025/12/04 10:4 p.m., 46 views

CVE-2025-66506

CVE-2025-66506 affects Fulcio prior to 1.8.3. The identity.extractIssuerURL function splits the untrusted OIDC identity token on periods, which can incur O(n) memory allocations when receiving tokens with many dots. This could lead to resource consumption under malicious input. The issue is fixed...

CVSS 7.5, AI score 6.6, EPSS 0.00191
Exploits: 0, References: 2, Affected Software: 1

Positive Technologies
added 2025/12/04 12:0 a.m., 2 views

PT-2025-49168

Name of the Vulnerable Software and Affected Versions: Fulcio versions prior to 1.8.3. Description: Fulcio is a certificate authority for issuing code signing certificates for OpenID Connect (OIDC) identity. The identity.extractIssuerURL function splits its input, which is untrusted data, on periods. ...

CVSS 7.5, AI score 6.8, EPSS 0.00191
Exploits: 0, References: 7