Lucene search
Veracode Vulnerability DatabaseVERACODE:39425HistoryFeb 26, 2023 - 10:40 a.m.
Denial Of Service (DoS)
2023-02-2610:40:10
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
8
denial of service
github
signature verification
memory load
application crash
software
0.001 Low
EPSS
Percentile
38.0%
github.com/notaryproject/notation-go is vulnerable to Denial of Service (DoS) attacks. A malicious user is able to exhaust memory through the signature verification component, either resulting in high memory load or an application crash.
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/notaryproject/notation-go | le | v1.0.0-rc.2 | |
| github.com/notaryproject/notation-go | le | v1.0.0-rc.2 |
References
github.com/notaryproject/notation-go/commit/5e5cba1e9adfae950c9610951565d2b8b7b03ccc
github.com/notaryproject/notation-go/commit/920ded24402b2727dedb6eb59d8d98ca4997c0e8
github.com/notaryproject/notation-go/pull/262
github.com/notaryproject/notation-go/pull/271
github.com/notaryproject/notation-go/releases/tag/v1.0.0-rc.3
github.com/notaryproject/notation-go/security/advisories/GHSA-87x9-7grx-m28v
Related
osv
osv
notation-go has excessive memory allocation on verification
2023-02-22 00:03:49
github
github
notation-go has excessive memory allocation on verification
2023-02-22 00:03:49
wolfi
wolfi
CVE-2023-25656 vulnerabilities
2024-07-02 03:09:22
cgr
cgr
CVE-2023-25656 vulnerabilities
2024-05-19 03:07:16
cvelist
cvelist
CVE-2023-25656 notation-go has excessive memory allocation on verification
2023-02-20 00:00:00
nvd
nvd
CVE-2023-25656
2023-02-20 16:15:10
cve
cve
CVE-2023-25656
2023-02-20 16:15:10
prion
prion
Design/Logic Flaw
2023-02-20 16:15:00