6 matches found
EUVD-2023-3044
Malicious code in bioql PyPI...
Cosign vulnerable to possible endless data attack from attacker-controlled registry
Summary Cosign is susceptible to a denial of service by an attacker controlled registry. An attacker who controls a remote registry can return a high number of attestations and/or signatures to Cosign and cause Cosign to enter a long loop resulting in an endless data attack. The root cause is tha...
Design/Logic Flaw
Cosign is a sigstore signing tool for OCI containers. Cosign is susceptible to a denial of service by an attacker controlled registry. An attacker who controls a remote registry can return a high number of attestations and/or signatures to Cosign and cause Cosign to enter a long loop resulting in...
CVE-2023-46737
Cosign is a sigstore signing tool for OCI containers. Cosign is susceptible to a denial of service by an attacker controlled registry. An attacker who controls a remote registry can return a high number of attestations and/or signatures to Cosign and cause Cosign to enter a long loop resulting in...
CVE-2023-46737 Possible endless data attack from attacker-controlled registry in cosign
Cosign is a sigstore signing tool for OCI containers. Cosign is susceptible to a denial of service by an attacker controlled registry. An attacker who controls a remote registry can return a high number of attestations and/or signatures to Cosign and cause Cosign to enter a long loop resulting in...
CVE-2023-46737
CVE-2023-46737 affects Cosign, a sigstore signing tool for OCI containers. The root cause is that Cosign loops through all attestations fetched from a remote registry in pkg/cosign.FetchAttestations, allowing an attacker-controlled registry to return a high number of attestations or signatures an...