CNNVD-202601-3457 Information

CNNVD ID

CNNVD-202601-3457

CVE-2026-23831

  • CNNVD Published: 2026-01-22

Description (translated from Chinese)

Rekor is open-source software from sigstore that provides an immutable, tamper-evident ledger for the metadata generated in a software project's supply chain. Rekor 1.4.3 and earlier contain a code-problem vulnerability: sign1Msg is not initialized when an empty message is processed, which can lead to a nil pointer dereference.

Description (English)

Rekor is open-source software that provides an immutable, tamper-resistant ledger for metadata generated in the software supply chain of a project. Rekor 1.4.3 and earlier versions contain a code-problem vulnerability: sign1Msg is left uninitialized when an empty message is processed, so a later use of it can dereference a nil pointer.
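The bug class described above, as an added illustrative example (this is not Rekor's code and not the fix in the linked commit): a pointer to a COSE_Sign1 message is only assigned when decoding yields something, then dereferenced unconditionally, so empty input triggers a nil pointer dereference; the hardened variant rejects empty input before decoding and checks the pointer afterwards. The `sign1Message` type, the toy `decodeSign1` wire format, the sample inputs and the function names are all constructed for this illustration.

```go
package main

import (
	"errors"
	"fmt"
)

// sign1Message is a constructed stand-in for a decoded COSE_Sign1 structure.
// The real type lives in the go-cose library; only the fields needed for the
// illustration are modelled here.
type sign1Message struct {
	Payload   []byte
	Signature []byte
}

// decodeSign1 is a constructed stand-in for a CBOR decoder using a toy wire
// format: byte 0 is the payload length, then the payload, then the signature.
// For empty input it returns (nil, nil), mirroring a decoder that quietly
// produces no message rather than an error.
func decodeSign1(raw []byte) (*sign1Message, error) {
	if len(raw) == 0 {
		return nil, nil
	}
	n := int(raw[0])
	if len(raw) < 1+n {
		return nil, fmt.Errorf("truncated message: want %d payload bytes, have %d", n, len(raw)-1)
	}
	return &sign1Message{
		Payload:   raw[1 : 1+n],
		Signature: raw[1+n:],
	}, nil
}

// extractPayloadVulnerable mirrors the bug class in the advisory: the
// sign1Msg pointer is only assigned when decoding yields a message, and it is
// then dereferenced unconditionally. For empty input this panics with a nil
// pointer dereference.
func extractPayloadVulnerable(raw []byte) []byte {
	var sign1Msg *sign1Message
	if m, err := decodeSign1(raw); err == nil {
		sign1Msg = m
	}
	return sign1Msg.Payload // nil pointer dereference when raw is empty
}

// extractPayloadHardened rejects empty input before decoding and also refuses
// to trust a decoder that returns no message and no error, so the pointer is
// never dereferenced while nil.
func extractPayloadHardened(raw []byte) ([]byte, error) {
	if len(raw) == 0 {
		return nil, errors.New("empty COSE_Sign1 message")
	}
	sign1Msg, err := decodeSign1(raw)
	if err != nil {
		return nil, fmt.Errorf("decoding COSE_Sign1: %w", err)
	}
	if sign1Msg == nil {
		return nil, errors.New("decoder returned no COSE_Sign1 message")
	}
	return sign1Msg.Payload, nil
}

// callVulnerable runs the vulnerable path under recover so a caller can
// observe the nil-pointer panic without crashing the process.
func callVulnerable(raw []byte) (payload []byte, panicked bool) {
	defer func() {
		if r := recover(); r != nil {
			panicked = true
		}
	}()
	payload = extractPayloadVulnerable(raw)
	return payload, false
}

func main() {
	// Constructed inputs: a well-formed toy message and an empty one.
	good := []byte{3, 'a', 'b', 'c', 0xde, 0xad}
	empty := []byte{}

	for _, in := range [][]byte{good, empty} {
		p, panicked := callVulnerable(in)
		fmt.Printf("vulnerable: input=%d bytes payload=%q panicked=%v\n", len(in), p, panicked)
		p, err := extractPayloadHardened(in)
		fmt.Printf("hardened:   input=%d bytes payload=%q err=%v\n", len(in), p, err)
	}
}
```

The point of the hardened variant is that it does not rely on the decoder to signal empty input as an error: it rejects the empty case itself and still checks the pointer before use, which is the check that would have turned a server-side panic into a clean validation error.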

Hazard Level

High

Vulnerability Type

Code problem

Affected Vendor

sigstore

Published

2026-01-22

Last Modified

2026-02-24

References

  • https://github.com/sigstore/rekor/commit/39bae3d192bce48ef4ef2cbd1788fb5770fee8cd
  • https://github.com/sigstore/rekor/releases/tag/v1.5.0
  • https://github.com/sigstore/rekor/security/advisories/GHSA-273p-m2cw-6833
  • https://access.redhat.com/security/cve/cve-2026-23831

Patch

https://github.com/sigstore/rekor/releases