CNNVD-202601-3903 Information
CNNVD ID
CNNVD-202601-3903
Related CVE
- CNNVD Published: 2026-01-22
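Description (translated from Chinese)
go-tuf is an open-source framework from The Update Framework for securing software update systems. go-tuf versions from 2.0.0 up to, but not including, 2.3.1 contain a code issue vulnerability: a panic occurs when invalid TUF metadata JSON is parsed, which may lead to denial of service.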
Description (English)
go-tuf is an open-source framework from The Update Framework for protecting software update systems. Versions of go-tuf from 2.0 up to, but not including, 2.3.1 contain a code issue vulnerability: a panic occurs when invalid TUF metadata JSON is parsed, which could lead to denial of service.
Hazard Level
High
Vulnerability Type
Code issue
Affected Vendor
The Update Framework
Published
2026-01-22
Last Modified
2026-02-24
References
- https://github.com/theupdateframework/go-tuf/commit/73345ab6b0eb7e59d525dac17a428f043074cef6
- https://github.com/theupdateframework/go-tuf/releases/tag/v2.3.1
- https://github.com/theupdateframework/go-tuf/security/advisories/GHSA-846p-jg2w-w324
Patch
https://github.com/theupdateframework/go-tuf/releases