Lucene search
K

4 matches found

Prion
Prion
added 2023/06/06 7:15 p.m.18 views

Design/Logic Flaw

notation is a CLI tool to sign and verify OCI artifacts and container images. An attacker who has compromised a registry and added a high number of signatures to an artifact can cause denial of service of services on the machine, if a user runs notation verify command on the same machine. The...

4.3CVSS6.4AI score0.00485EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2023/06/06 6:13 p.m.30 views

CVE-2023-33958 Default `maxSignatureAttempts` in `notation verify` enables an endless data attack in notation

notation is a CLI tool to sign and verify OCI artifacts and container images. An attacker who has compromised a registry and added a high number of signatures to an artifact can cause denial of service of services on the machine, if a user runs notation verify command on the same machine. The...

5.4CVSS6.3AI score0.00485EPSS
Exploits0References4
OSV
OSV
added 2023/06/06 6:10 p.m.18 views

CVE-2023-33957 Denial of service from high number of artifact signatures in notation

notation is a CLI tool to sign and verify OCI artifacts and container images. An attacker who has compromised a registry and added a high number of signatures to an artifact can cause denial of service of services on the machine, if a user runs notation inspect command on the same machine. The...

2.6CVSS5.5AI score0.00506EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/06/06 12:0 a.m.4 views

PT-2023-24599 · Unknown · Notation-Go

Name of the Vulnerable Software and Affected Versions: notation versions prior to v1.0.0-rc.6 Description: An attacker who has compromised a registry can cause users to verify the wrong artifact. This issue allows an attacker to lead a user into verifying the wrong artifact if they control or...

8.8CVSS8.4AI score0.00354EPSS
Exploits0References10
Rows per page
Query Builder