Lucene search
K

21 matches found

OSV
OSV
added last week5 views

GO-2026-5851 Sigstore Timestamp Authority has OOM due to unbounded metric label cardinality in github.com/sigstore/timestamp-authority

Sigstore Timestamp Authority has OOM due to unbounded metric label cardinality in github.com/sigstore/timestamp-authority...

5.9AI score
Exploits0References1
OSV
OSV
added 2026/06/25 10:34 p.m.4 views

GO-2026-5763 Sigstore Timestamp Authority has Improper Certificate Validation in verifier in github.com/sigstore/timestamp-authority

Sigstore Timestamp Authority has Improper Certificate Validation in verifier in github.com/sigstore/timestamp-authority...

5.5CVSS7.1AI score0.00099EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/04/16 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-39984

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Versions 2.0.5 and below contain an authorization bypass vulnerability in the...

5.5CVSS7AI score0.00099EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/04/15 12:0 a.m.5 views

CVE-2026-39984

Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Versions 2.0.5 and below contain an authorization bypass vulnerability in the VerifyTimestampResponse function. VerifyTimestampResponse correctly verifies the certificate chain signature, but the TSA-specific constraint...

5.5CVSS5.8AI score0.00099EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/15 12:0 a.m.10 views

Sigstore Timestamp Authority 安全漏洞

Sigstore Timestamp Authority is an open-source RFC3161 timestamp authorization software developed by sigstore. Versions of Sigstore Timestamp Authority 2.0.5 and earlier contained security vulnerabilities. These vulnerabilities stemmed from issues with the VerifyTimestampResponse function, which...

5.5CVSS5.8AI score0.00099EPSS
Exploits0References1
OSV
OSV
added 2026/04/14 11:41 p.m.2 views

CVE-2026-39984 Sigstore Timestamp Authority has Improper Certificate Validation in verifier

Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Versions 2.0.5 and below contain an authorization bypass vulnerability in the VerifyTimestampResponse function. VerifyTimestampResponse correctly verifies the certificate chain signature, but the TSA-specific constraint...

5.5CVSS5.9AI score0.00099EPSS
Exploits0References4
CVE
CVE
added 2026/04/14 11:41 p.m.39 views

CVE-2026-39984

CVE-2026-39984 – Sigstore Timestamp Authority (tsa/timestamp-authority/v2/pkg/verification) : Versions 2.0.5 and earlier contain an authorization bypass in VerifyTimestampResponse. The code validates the certificate chain correctly but applies TSA-specific constraints using the first non-CA certi...

5.5CVSS5.8AI score0.00099EPSS
Exploits0References2Affected Software1
Amazon
Amazon
added 2026/01/07 12:0 a.m.10 views

Medium: runfinch-finch

Issue Overview: SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read. CVE-2025-47914 SSH servers parsing GSSAPI authentication requests do not validate the number...

7.5CVSS7.2AI score0.00533EPSS
Exploits2
SUSE CVE
SUSE CVE
added 2025/12/16 12:23 a.m.5 views

SUSE CVE-2025-66564

Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Prior to 2.0.3, Function api.ParseJSONRequest currently splits via a call to strings.Split an optionally-provided OID which is untrusted data on periods. Similarly, function api.getContentType splits the Content-Type heade...

7.5CVSS6.8AI score0.00411EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/12/11 8:38 a.m.4 views

CVE-2025-66564

A flaw was found in Sigstore Timestamp Authority. This vulnerability allows a denial of service via excessive memory allocation when processing a specially crafted Object Identifier or Content-Type header...

7.5CVSS6AI score0.00411EPSS
Exploits0References5
OSV
OSV
added 2025/12/08 9:31 p.m.4 views

GO-2025-4192 Sigstore Timestamp Authority allocates excessive memory during request parsing in github.com/sigstore/timestamp-authority

Sigstore Timestamp Authority allocates excessive memory during request parsing in github.com/sigstore/timestamp-authority...

7.5CVSS6.9AI score0.00411EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/12/08 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2025-66564

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Prior to 2.0.3, Function api.ParseJSONRequest currently splits via a call to...

7.5CVSS7.3AI score0.00411EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2025/12/05 6:19 p.m.7 views

Sigstore Timestamp Authority allocates excessive memory during request parsing

Impact Excessive memory allocation Function api.ParseJSONRequest currently splits via a call to strings.Split an optionally-provided OID which is untrusted data on periods. Similarly, function api.getContentType splits the Content-Type header which is also untrusted data on an application string...

7.5CVSS6.9AI score0.00411EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2025/12/04 11:15 p.m.8 views

CVE-2025-66564

Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Prior to 2.0.3, Function api.ParseJSONRequest currently splits via a call to strings.Split an optionally-provided OID which is untrusted data on periods. Similarly, function api.getContentType splits the Content-Type heade...

7.5CVSS0.00411EPSS
Exploits0References2
OSV
OSV
added 2025/12/04 11:15 p.m.2 views

DEBIAN-CVE-2025-66564

Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Prior to 2.0.3, Function api.ParseJSONRequest currently splits via a call to strings.Split an optionally-provided OID which is untrusted data on periods. Similarly, function api.getContentType splits the Content-Type heade...

7.5CVSS5.3AI score0.00411EPSS
Exploits0References1
OSV
OSV
added 2025/12/04 11:15 p.m.4 views

UBUNTU-CVE-2025-66564

Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Prior to 2.0.3, Function api.ParseJSONRequest currently splits via a call to strings.Split an optionally-provided OID which is untrusted data on periods. Similarly, function api.getContentType splits the Content-Type heade...

7.5CVSS5.8AI score0.00411EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/12/04 10:37 p.m.25 views

CVE-2025-66564 Sigstore Timestamp Authority allocates excessive memory during request parsing

Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Prior to 2.0.3, Function api.ParseJSONRequest currently splits via a call to strings.Split an optionally-provided OID which is untrusted data on periods. Similarly, function api.getContentType splits the Content-Type heade...

7.5CVSS0.00411EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/12/04 10:37 p.m.2 views

CVE-2025-66564 Sigstore Timestamp Authority allocates excessive memory during request parsing

Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Prior to 2.0.3, Function api.ParseJSONRequest currently splits via a call to strings.Split an optionally-provided OID which is untrusted data on periods. Similarly, function api.getContentType splits the Content-Type heade...

7.5CVSS6.4AI score0.00411EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2025/12/04 10:37 p.m.3 views

CVE-2025-66564

Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Prior to 2.0.3, Function api.ParseJSONRequest currently splits via a call to strings.Split an optionally-provided OID which is untrusted data on periods. Similarly, function api.getContentType splits the Content-Type heade...

7.5CVSS5.3AI score0.00411EPSS
Exploits0
CNNVD
CNNVD
added 2025/12/04 12:0 a.m.5 views

Sigstore Timestamp Authority 安全漏洞

Sigstore Timestamp Authority is a RFC3161 timestamp authorization software from sigstore open source. A security vulnerability exists in Sigstore Timestamp Authority versions prior to 2.0.3, which stems from mishandling of untrusted data by the api.ParseJSONRequest and api.getContentType function...

7.5CVSS6.3AI score0.00411EPSS
Exploits0References2
Rows per page
Query Builder