2 matches found
CVE-2025-66506
A flaw was found in Fulcio, a free-to-use certificate authority. This vulnerability allows a denial of service DoS due to excessive memory allocation when processing a malicious OpenID Connect OIDC identity token containing numerous period characters...
GHSA-F83F-XPX7-FFPW Fulcio allocates excessive memory during token parsing
Function identity.extractIssuerURL currently splits via a call to strings.Split its argument which is untrusted data on periods. As a result, in the face of a malicious request with an invalid OIDC identity token in the payload containing many period characters, a call to extractIssuerURL incurs...