2 matches found
EUVD-2025-201293
Fulcio allocates excessive memory during token parsing...
CVE-2025-66506
CVE-2025-66506 affects Fulcio prior to 1.8.3. The identity.extractIssuerURL function splits the untrusted OIDC identity token on periods, which can incur O(n) memory allocations when receiving tokens with many dots. This could lead to resource consumption under malicious input. The issue is fixed...