4 matches found
Design/Logic Flaw
notation is a CLI tool to sign and verify OCI artifacts and container images. An attacker who has compromised a registry and added a high number of signatures to an artifact can cause denial of service of services on the machine, if a user runs notation verify command on the same machine. The...
CVE-2023-33958 Default `maxSignatureAttempts` in `notation verify` enables an endless data attack in notation
notation is a CLI tool to sign and verify OCI artifacts and container images. An attacker who has compromised a registry and added a high number of signatures to an artifact can cause denial of service of services on the machine, if a user runs notation verify command on the same machine. The...
CVE-2023-33957 Denial of service from high number of artifact signatures in notation
notation is a CLI tool to sign and verify OCI artifacts and container images. An attacker who has compromised a registry and added a high number of signatures to an artifact can cause denial of service of services on the machine, if a user runs notation inspect command on the same machine. The...
PT-2023-24599 · Unknown · Notation-Go
Name of the Vulnerable Software and Affected Versions: notation versions prior to v1.0.0-rc.6 Description: An attacker who has compromised a registry can cause users to verify the wrong artifact. This issue allows an attacker to lead a user into verifying the wrong artifact if they control or...