CNNVD-202512-425 Information
CNNVD ID
CNNVD-202512-425
Related CVE
- CNNVD Published: 2025-12-04
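Description (translated from Chinese)
Sigstore Timestamp Authority is open-source RFC 3161 timestamp authority software from sigstore. Versions of Sigstore Timestamp Authority before 2.0.3 contain a security vulnerability that stems from improper handling of untrusted data in the api.ParseJSONRequest and api.getContentType functions, which may lead to excessive memory allocation.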
Description (English)
Sigstore Timestamp Authority is sigstore's open-source RFC 3161 timestamping software. Versions of Sigstore Timestamp Authority before 2.0.3 contain a security vulnerability that originates from improper handling of untrusted data by the api.ParseJSONRequest and api.getContentType functions, which could lead to excessive memory allocation.
Hazard Level
Medium
Vulnerability Type
Other
Affected Vendor
sigstore
Published
2025-12-04
Last Modified
2026-02-24
References
https://github.com/sigstore/timestamp-authority/commit/0cae34e197d685a14904e0bad135b89d13b69421
https://github.com/sigstore/timestamp-authority/security/advisories/GHSA-4qg8-fj49-pxjh
Patch
https://github.com/sigstore/timestamp-authority/releases