Home > Vulnerability Database > CVE-2023-30551

Mend.io Vulnerability Database

CVE-2023-30551

Good to know:

Date: May 8, 2023

Rekor is an open source software supply chain transparency log. Rekor prior to version 1.1.1 may crash due to out of memory (OOM) conditions caused by reading archive metadata files into memory without checking their sizes first. Verification of a JAR file submitted to Rekor can cause an out of memory crash if files within the META-INF directory of the JAR are sufficiently large. Parsing of an APK file submitted to Rekor can cause an out of memory crash if the .SIGN or .PKGINFO files within the APK are sufficiently large. The OOM crash has been patched in Rekor version 1.1.1. There are no known workarounds.

Language: C++

Severity Score

7.5

Related Resources (6)

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-30551

Url: https://github.com/sigstore/rekor/releases/tag/v1.1.1

Url: https://github.com/sigstore/rekor/commit/cf42ace82667025fe128f7a50cf6b4cdff51cc48

Url: https://github.com/sigstore/rekor/security/advisories/GHSA-2h5h-59f5-c5x9

Url: https://github.com/sigstore/rekor

Url: https://www.mend.io/vulnerability-database/CVE-2023-30551

Severity Score

7.5

Weakness Type (CWE)

Allocation of Resources Without Limits or Throttling

CWE-770

Top Fix

Upgrade Version

Upgrade to version a97991513bb54cb0982d69d3c0454e567c8c5124

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-30551

Good to know:

Date: May 8, 2023

Language: C++

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?