2 matches found
CVE-2023-33958 Default `maxSignatureAttempts` in `notation verify` enables an endless data attack in notation
notation is a CLI tool to sign and verify OCI artifacts and container images. An attacker who has compromised a registry and added a high number of signatures to an artifact can cause denial of service of services on the machine, if a user runs notation verify command on the same machine. The...
CVE-2023-33957
CVE-2023-33957 affects the Notation CLI (github.com/notaryproject/notation) and describes a denial-of-service risk: if a registry is compromised and signs many artifacts, a user running notation inspect/verify can exhaust host resources. The issue is mitigated by upgrading to v1.0.0-rc.6 or newer...