Lucene search
GoogleOSV:GO-2023-2181HistoryNov 09, 2023 - 6:40 p.m.
Denial of service attack from remote registry in github.com/sigstore/cosign
2023-11-0918:40:33
Google
osv.dev
22
denial of service
remote registry
github
sigstore
cosign
CVSS3
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
AI Score
7.1
Confidence
High
EPSS
0.001
Percentile
17.0%
An attacker who controls a remote registry can return a high number of attestations and/or signatures to cosign. This can cause cosign to enter a long loop resulting in a denial of service, i.e., endless data attack.
Related
osv
osv
CGA-m963-xmh8-2pc8
2024-06-06 12:28:27
Cosign vulnerable to possible endless data attack from attacker-controlled registry
2023-11-08 15:02:51
CGA-3qx5-c88r-3829
2024-06-06 12:22:06
alpinelinux
alpinelinux
CVE-2023-46737
2023-11-07 18:15:09
nessus
nessus
vulnrichment
vulnrichment
redhatcve
redhatcve
CVE-2023-46737
2023-11-09 22:44:12
veracode
veracode
Denial Of Service
2023-11-08 06:51:22
prion
prion
Design/Logic Flaw
2023-11-07 18:15:00
github
github
wolfi
wolfi
CVE-2023-46737 vulnerabilities
2024-09-21 03:21:11
cvelist
cvelist
cve
cve
CVE-2023-46737
2023-11-07 18:15:09
cgr
cgr
CVE-2023-46737 vulnerabilities
2024-05-19 03:07:16
nvd
nvd
CVE-2023-46737
2023-11-07 18:15:09
CVSS3
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
AI Score
7.1
Confidence
High
EPSS
0.001
Percentile
17.0%
Related for OSV:GO-2023-2181