Lucene search
K

15 matches found

CNNVD
CNNVD
added 2026/04/15 12:0 a.m.9 views

Sigstore Timestamp Authority 安全漏洞

Sigstore Timestamp Authority is an open-source RFC3161 timestamp authorization software developed by sigstore. Versions of Sigstore Timestamp Authority 2.0.5 and earlier contained security vulnerabilities. These vulnerabilities stemmed from issues with the VerifyTimestampResponse function, which...

5.5CVSS5.8AI score0.00099EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/04/15 12:0 a.m.5 views

CVE-2026-39984

Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Versions 2.0.5 and below contain an authorization bypass vulnerability in the VerifyTimestampResponse function. VerifyTimestampResponse correctly verifies the certificate chain signature, but the TSA-specific constraint...

5.5CVSS5.8AI score0.00099EPSS
Exploits0References2
CVE
CVE
added 2026/04/14 11:41 p.m.38 views

CVE-2026-39984

CVE-2026-39984 – Sigstore Timestamp Authority (tsa/timestamp-authority/v2/pkg/verification) : Versions 2.0.5 and earlier contain an authorization bypass in VerifyTimestampResponse. The code validates the certificate chain correctly but applies TSA-specific constraints using the first non-CA certi...

5.5CVSS5.8AI score0.00099EPSS
Exploits0References2Affected Software1
SUSE CVE
SUSE CVE
added 2025/12/16 12:23 a.m.5 views

SUSE CVE-2025-66564

Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Prior to 2.0.3, Function api.ParseJSONRequest currently splits via a call to strings.Split an optionally-provided OID which is untrusted data on periods. Similarly, function api.getContentType splits the Content-Type heade...

7.5CVSS6.8AI score0.00411EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/12/11 8:38 a.m.4 views

CVE-2025-66564

A flaw was found in Sigstore Timestamp Authority. This vulnerability allows a denial of service via excessive memory allocation when processing a specially crafted Object Identifier or Content-Type header...

7.5CVSS6AI score0.00411EPSS
Exploits0References5
OSV
OSV
added 2025/12/08 9:31 p.m.3 views

GO-2025-4192 Sigstore Timestamp Authority allocates excessive memory during request parsing in github.com/sigstore/timestamp-authority

Sigstore Timestamp Authority allocates excessive memory during request parsing in github.com/sigstore/timestamp-authority...

7.5CVSS6.9AI score0.00411EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/12/08 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2025-66564

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Prior to 2.0.3, Function api.ParseJSONRequest currently splits via a call to...

7.5CVSS7.3AI score0.00411EPSS
Exploits0References3
NVD
NVD
added 2025/12/04 11:15 p.m.8 views

CVE-2025-66564

Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Prior to 2.0.3, Function api.ParseJSONRequest currently splits via a call to strings.Split an optionally-provided OID which is untrusted data on periods. Similarly, function api.getContentType splits the Content-Type heade...

7.5CVSS0.00411EPSS
Exploits0References2
OSV
OSV
added 2025/12/04 11:15 p.m.2 views

DEBIAN-CVE-2025-66564

Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Prior to 2.0.3, Function api.ParseJSONRequest currently splits via a call to strings.Split an optionally-provided OID which is untrusted data on periods. Similarly, function api.getContentType splits the Content-Type heade...

7.5CVSS5.3AI score0.00411EPSS
Exploits0References1
OSV
OSV
added 2025/12/04 11:15 p.m.4 views

UBUNTU-CVE-2025-66564

Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Prior to 2.0.3, Function api.ParseJSONRequest currently splits via a call to strings.Split an optionally-provided OID which is untrusted data on periods. Similarly, function api.getContentType splits the Content-Type heade...

7.5CVSS5.8AI score0.00411EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/12/04 10:37 p.m.25 views

CVE-2025-66564 Sigstore Timestamp Authority allocates excessive memory during request parsing

Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Prior to 2.0.3, Function api.ParseJSONRequest currently splits via a call to strings.Split an optionally-provided OID which is untrusted data on periods. Similarly, function api.getContentType splits the Content-Type heade...

7.5CVSS0.00411EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/12/04 10:37 p.m.2 views

CVE-2025-66564 Sigstore Timestamp Authority allocates excessive memory during request parsing

Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Prior to 2.0.3, Function api.ParseJSONRequest currently splits via a call to strings.Split an optionally-provided OID which is untrusted data on periods. Similarly, function api.getContentType splits the Content-Type heade...

7.5CVSS6.4AI score0.00411EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2025/12/04 10:37 p.m.3 views

CVE-2025-66564

Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Prior to 2.0.3, Function api.ParseJSONRequest currently splits via a call to strings.Split an optionally-provided OID which is untrusted data on periods. Similarly, function api.getContentType splits the Content-Type heade...

7.5CVSS5.3AI score0.00411EPSS
Exploits0
CNNVD
CNNVD
added 2025/12/04 12:0 a.m.5 views

Sigstore Timestamp Authority 安全漏洞

Sigstore Timestamp Authority is a RFC3161 timestamp authorization software from sigstore open source. A security vulnerability exists in Sigstore Timestamp Authority versions prior to 2.0.3, which stems from mishandling of untrusted data by the api.ParseJSONRequest and api.getContentType function...

7.5CVSS6.3AI score0.00411EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/01/01 12:0 a.m.5 views

PT-2025-49174

Name of the Vulnerable Software and Affected Versions Sigstore Timestamp Authority versions prior to 2.0.3 Description Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. The api.ParseJSONRequest and api.getContentType functions are susceptible to a denial-of-service issue...

7.5CVSS6.5AI score0.00411EPSS
Exploits0References10
Rows per page
Query Builder