3 matches found
CVE-2023-33958
notation is a CLI tool to sign and verify OCI artifacts and container images. An attacker who has compromised a registry and added a high number of signatures to an artifact can cause denial of service of services on the machine, if a user runs notation verify command on the same machine. The...
CVE-2023-33958 Default `maxSignatureAttempts` in `notation verify` enables an endless data attack in notation
notation is a CLI tool to sign and verify OCI artifacts and container images. An attacker who has compromised a registry and added a high number of signatures to an artifact can cause denial of service of services on the machine, if a user runs notation verify command on the same machine. The...
CVE-2023-33958
CVE-2023-33958 affects the notation CLI tool for signing/verifying OCI artifacts. The issue is a default maxSignatureAttempts setting in notation verify that can be abused by an attacker who controls a registry to serve an unlimited number of signatures for an artifact, causing denial of service ...