21 matches found
GO-2026-5851 Sigstore Timestamp Authority has OOM due to unbounded metric label cardinality in github.com/sigstore/timestamp-authority
Sigstore Timestamp Authority has OOM due to unbounded metric label cardinality in github.com/sigstore/timestamp-authority...
GO-2026-5763 Sigstore Timestamp Authority has Improper Certificate Validation in verifier in github.com/sigstore/timestamp-authority
Sigstore Timestamp Authority has Improper Certificate Validation in verifier in github.com/sigstore/timestamp-authority...
Linux Distros Unpatched Vulnerability : CVE-2026-39984
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Versions 2.0.5 and below contain an authorization bypass vulnerability in the...
CVE-2026-39984
Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Versions 2.0.5 and below contain an authorization bypass vulnerability in the VerifyTimestampResponse function. VerifyTimestampResponse correctly verifies the certificate chain signature, but the TSA-specific constraint...
Sigstore Timestamp Authority 安全漏洞
Sigstore Timestamp Authority is an open-source RFC3161 timestamp authorization software developed by sigstore. Versions of Sigstore Timestamp Authority 2.0.5 and earlier contained security vulnerabilities. These vulnerabilities stemmed from issues with the VerifyTimestampResponse function, which...
CVE-2026-39984 Sigstore Timestamp Authority has Improper Certificate Validation in verifier
Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Versions 2.0.5 and below contain an authorization bypass vulnerability in the VerifyTimestampResponse function. VerifyTimestampResponse correctly verifies the certificate chain signature, but the TSA-specific constraint...
CVE-2026-39984
CVE-2026-39984 – Sigstore Timestamp Authority (tsa/timestamp-authority/v2/pkg/verification) : Versions 2.0.5 and earlier contain an authorization bypass in VerifyTimestampResponse. The code validates the certificate chain correctly but applies TSA-specific constraints using the first non-CA certi...
Medium: runfinch-finch
Issue Overview: SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read. CVE-2025-47914 SSH servers parsing GSSAPI authentication requests do not validate the number...
SUSE CVE-2025-66564
Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Prior to 2.0.3, Function api.ParseJSONRequest currently splits via a call to strings.Split an optionally-provided OID which is untrusted data on periods. Similarly, function api.getContentType splits the Content-Type heade...
CVE-2025-66564
A flaw was found in Sigstore Timestamp Authority. This vulnerability allows a denial of service via excessive memory allocation when processing a specially crafted Object Identifier or Content-Type header...
GO-2025-4192 Sigstore Timestamp Authority allocates excessive memory during request parsing in github.com/sigstore/timestamp-authority
Sigstore Timestamp Authority allocates excessive memory during request parsing in github.com/sigstore/timestamp-authority...
Linux Distros Unpatched Vulnerability : CVE-2025-66564
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Prior to 2.0.3, Function api.ParseJSONRequest currently splits via a call to...
Sigstore Timestamp Authority allocates excessive memory during request parsing
Impact Excessive memory allocation Function api.ParseJSONRequest currently splits via a call to strings.Split an optionally-provided OID which is untrusted data on periods. Similarly, function api.getContentType splits the Content-Type header which is also untrusted data on an application string...
CVE-2025-66564
Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Prior to 2.0.3, Function api.ParseJSONRequest currently splits via a call to strings.Split an optionally-provided OID which is untrusted data on periods. Similarly, function api.getContentType splits the Content-Type heade...
DEBIAN-CVE-2025-66564
Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Prior to 2.0.3, Function api.ParseJSONRequest currently splits via a call to strings.Split an optionally-provided OID which is untrusted data on periods. Similarly, function api.getContentType splits the Content-Type heade...
UBUNTU-CVE-2025-66564
Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Prior to 2.0.3, Function api.ParseJSONRequest currently splits via a call to strings.Split an optionally-provided OID which is untrusted data on periods. Similarly, function api.getContentType splits the Content-Type heade...
CVE-2025-66564 Sigstore Timestamp Authority allocates excessive memory during request parsing
Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Prior to 2.0.3, Function api.ParseJSONRequest currently splits via a call to strings.Split an optionally-provided OID which is untrusted data on periods. Similarly, function api.getContentType splits the Content-Type heade...
CVE-2025-66564 Sigstore Timestamp Authority allocates excessive memory during request parsing
Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Prior to 2.0.3, Function api.ParseJSONRequest currently splits via a call to strings.Split an optionally-provided OID which is untrusted data on periods. Similarly, function api.getContentType splits the Content-Type heade...
CVE-2025-66564
Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Prior to 2.0.3, Function api.ParseJSONRequest currently splits via a call to strings.Split an optionally-provided OID which is untrusted data on periods. Similarly, function api.getContentType splits the Content-Type heade...
Sigstore Timestamp Authority 安全漏洞
Sigstore Timestamp Authority is a RFC3161 timestamp authorization software from sigstore open source. A security vulnerability exists in Sigstore Timestamp Authority versions prior to 2.0.3, which stems from mishandling of untrusted data by the api.ParseJSONRequest and api.getContentType function...