CNNVD-202512-433 Information

CNNVD ID

CNNVD-202512-433

Related CVE

CVE-2025-66506

• CNNVD Published: 2025-12-04

Description (Chinese)

Fulcio是sigstore开源的一个证书颁发机构。 Fulcio 1.8.3之前版本存在安全漏洞，该漏洞源于identity.extractIssuerURL函数处理不当，可能导致内存分配问题。

Description (English)

Fulcio is a certificate issuing authority for sigstore. The previous version of Fulcio 1.8.3 had a security loophole, which stemmed from the inappropriate handling of the function, i.e., i.e., i.e., the i.e., the i.e., the i.e., the i.e., the i.e., the i.e., the i.e., the i.e., the i., the i.e., the i., the i., the i.e., the i., the i., the i.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

sigstore

Published

2025-12-04

Last Modified

2026-02-24

References

https://github.com/sigstore/fulcio/commit/765a0e57608b9ef390e1eeeea8595b9054c63a5a https://github.com/sigstore/fulcio/security/advisories/GHSA-f83f-xpx7-ffpw

Patch

https://github.com/sigstore/fulcio/releases