{ "threat_severity" : "Important", "public_date" : "2025-12-04T22:37:13Z", "bugzilla" : { "description" : "github.com/sigstore/timestamp-authority: Sigstore Timestamp Authority: Denial of Service via excessive OID or Content-Type header parsing", "id" : "2419054", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2419054" }, "cvss3" : { "cvss3_base_score" : "7.5", "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status" : "verified" }, "cwe" : "CWE-405", "details" : [ "Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Prior to 2.0.3, Function api.ParseJSONRequest currently splits (via a call to strings.Split) an optionally-provided OID (which is untrusted data) on periods. Similarly, function api.getContentType splits the Content-Type header (which is also untrusted data) on an application string. As a result, in the face of a malicious request with either an excessively long OID in the payload containing many period characters or a malformed Content-Type header, a call to api.ParseJSONRequest or api.getContentType incurs allocations of O(n) bytes (where n stands for the length of the function's argument). This vulnerability is fixed in 2.0.3.", "A flaw was found in Sigstore Timestamp Authority. This vulnerability allows a denial of service via excessive memory allocation when processing a specially crafted Object Identifier or Content-Type header." ], "statement" : "This vulnerability is rated Important for Red Hat products. The Sigstore Timestamp Authority, a service for issuing RFC 3161 timestamps, is prone to excessive memory allocation. This occurs when processing untrusted OID payloads with many period characters or malformed Content-Type headers. An unauthenticated attacker could exploit this flaw to trigger a denial of service in affected Red Hat products that utilize this component.", "affected_release" : [ { "product_name" : "OpenShift Security Profiles Operator 1", "release_date" : "2026-02-17T00:00:00Z", "advisory" : "RHSA-2026:2852", "cpe" : "cpe:/a:redhat:openshift_security_profiles_operator:1::el9", "package" : "compliance/openshift-security-profiles-operator-bundle:1771367226" }, { "product_name" : "OpenShift Security Profiles Operator 1", "release_date" : "2026-02-17T00:00:00Z", "advisory" : "RHSA-2026:2852", "cpe" : "cpe:/a:redhat:openshift_security_profiles_operator:1::el9", "package" : "compliance/openshift-security-profiles-rhel8-operator:1770869850" }, { "product_name" : "Red Hat Advanced Cluster Security for Kubernetes 4.8", "release_date" : "2026-01-28T00:00:00Z", "advisory" : "RHSA-2026:1517", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.8::el8", "package" : "advanced-cluster-security/rhacs-main-rhel8:1769615659" }, { "product_name" : "Red Hat Advanced Cluster Security for Kubernetes 4.9", "release_date" : "2026-02-09T00:00:00Z", "advisory" : "RHSA-2026:2350", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.9::el8", "package" : "advanced-cluster-security/rhacs-main-rhel8:1770250889" }, { "product_name" : "Red Hat Advanced Cluster Security for Kubernetes 4.9", "release_date" : "2026-02-09T00:00:00Z", "advisory" : "RHSA-2026:2350", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.9::el8", "package" : "advanced-cluster-security/rhacs-rhel8-operator:1770250889" }, { "product_name" : "Red Hat Advanced Cluster Security for Kubernetes 4.9", "release_date" : "2026-02-11T00:00:00Z", "advisory" : "RHSA-2026:2568", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.9::el8", "package" : "advanced-cluster-security/rhacs-main-rhel8:1770074713" }, { "product_name" : "Red Hat Advanced Cluster Security for Kubernetes 4.9", "release_date" : "2026-02-11T00:00:00Z", "advisory" : "RHSA-2026:2568", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.9::el8", "package" : "advanced-cluster-security/rhacs-rhel8-operator:1770074713" }, { "product_name" : "Red Hat OpenShift Pipelines 1.15", "release_date" : "2026-03-04T00:00:00Z", "advisory" : "RHSA-2026:3710", "cpe" : "cpe:/a:redhat:openshift_pipelines:1.15::el8", "package" : "openshift-pipelines/pipelines-chains-controller-rhel8:1772093872" }, { "product_name" : "Red Hat OpenShift Pipelines 1.15", "release_date" : "2026-03-04T00:00:00Z", "advisory" : "RHSA-2026:3712", "cpe" : "cpe:/a:redhat:openshift_pipelines:1.15::el8", "package" : "openshift-pipelines/pipelines-chains-controller-rhel8:1772093872" }, { "product_name" : "Red Hat OpenShift Pipelines 1.2", "release_date" : "2026-03-05T00:00:00Z", "advisory" : "RHSA-2026:3825", "cpe" : "cpe:/a:redhat:openshift_pipelines:1.20::el9", "package" : "openshift-pipelines/pipelines-chains-controller-rhel9:1771374749" }, { "product_name" : "Red Hat OpenShift Pipelines 1.2", "release_date" : "2026-03-05T00:00:00Z", "advisory" : "RHSA-2026:3827", "cpe" : "cpe:/a:redhat:openshift_pipelines:1.20::el9", "package" : "openshift-pipelines/pipelines-cli-tkn-rhel9:1772694865" }, { "product_name" : "Red Hat OpenShift Pipelines 1.2", "release_date" : "2026-03-05T00:00:00Z", "advisory" : "RHSA-2026:3827", "cpe" : "cpe:/a:redhat:openshift_pipelines:1.20::el9", "package" : "openshift-pipelines/pipelines-serve-tkn-cli-rhel9:1772679439" }, { "product_name" : "Red Hat Trusted Artifact Signer 1.3", "release_date" : "2026-02-05T00:00:00Z", "advisory" : "RHSA-2026:2144", "cpe" : "cpe:/a:redhat:trusted_artifact_signer:1.3::el9", "package" : "rhtas/timestamp-authority-rhel9:1770107440" }, { "product_name" : "Red Hat Trusted Artifact Signer 1.3", "release_date" : "2026-02-23T00:00:00Z", "advisory" : "RHSA-2026:3087", "cpe" : "cpe:/a:redhat:trusted_artifact_signer:1.3::el9", "package" : "rhtas/rhtas-console-rhel9:1771324865" } ], "package_state" : [ { "product_name" : "OpenShift Pipelines", "fix_state" : "Affected", "package_name" : "openshift-pipelines-client", "cpe" : "cpe:/a:redhat:openshift_pipelines:1" }, { "product_name" : "OpenShift Pipelines", "fix_state" : "Affected", "package_name" : "openshift-pipelines/pipelines-cli-tkn-rhel8", "cpe" : "cpe:/a:redhat:openshift_pipelines:1" }, { "product_name" : "OpenShift Pipelines", "fix_state" : "Affected", "package_name" : "openshift-pipelines/pipelines-opc-rhel9", "cpe" : "cpe:/a:redhat:openshift_pipelines:1" }, { "product_name" : "OpenShift Pipelines", "fix_state" : "Affected", "package_name" : "openshift-pipelines/pipelines-operator-bundle", "cpe" : "cpe:/a:redhat:openshift_pipelines:1" }, { "product_name" : "OpenShift Pipelines", "fix_state" : "Affected", "package_name" : "openshift-pipelines/pipelines-operator-proxy-rhel8", "cpe" : "cpe:/a:redhat:openshift_pipelines:1" }, { "product_name" : "OpenShift Pipelines", "fix_state" : "Will not fix", "package_name" : "openshift-pipelines/pipelines-operator-proxy-rhel9", "cpe" : "cpe:/a:redhat:openshift_pipelines:1" }, { "product_name" : "OpenShift Pipelines", "fix_state" : "Affected", "package_name" : "openshift-pipelines/pipelines-operator-webhook-rhel8", "cpe" : "cpe:/a:redhat:openshift_pipelines:1" }, { "product_name" : "OpenShift Pipelines", "fix_state" : "Will not fix", "package_name" : "openshift-pipelines/pipelines-operator-webhook-rhel9", "cpe" : "cpe:/a:redhat:openshift_pipelines:1" }, { "product_name" : "OpenShift Pipelines", "fix_state" : "Affected", "package_name" : "openshift-pipelines/pipelines-rhel8-operator", "cpe" : "cpe:/a:redhat:openshift_pipelines:1" }, { "product_name" : "OpenShift Pipelines", "fix_state" : "Affected", "package_name" : "openshift-pipelines/pipelines-rhel9-operator", "cpe" : "cpe:/a:redhat:openshift_pipelines:1" }, { "product_name" : "OpenShift Serverless", "fix_state" : "Will not fix", "package_name" : "openshift-serverless-1/kn-plugin-event-sender-rhel9", "cpe" : "cpe:/a:redhat:serverless:1" }, { "product_name" : "Red Hat Advanced Cluster Security 4", "fix_state" : "Not affected", "package_name" : "advanced-cluster-security/rhacs-central-db-rhel8", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4" }, { "product_name" : "Red Hat Advanced Cluster Security 4", "fix_state" : "Not affected", "package_name" : "advanced-cluster-security/rhacs-collector-rhel8", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4" }, { "product_name" : "Red Hat Advanced Cluster Security 4", "fix_state" : "Affected", "package_name" : "advanced-cluster-security/rhacs-operator-bundle", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4" }, { "product_name" : "Red Hat Advanced Cluster Security 4", "fix_state" : "Not affected", "package_name" : "advanced-cluster-security/rhacs-roxctl-rhel8", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4" }, { "product_name" : "Red Hat Advanced Cluster Security 4", "fix_state" : "Not affected", "package_name" : "advanced-cluster-security/rhacs-scanner-v4-db-rhel8", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4" }, { "product_name" : "Red Hat Advanced Cluster Security 4", "fix_state" : "Not affected", "package_name" : "advanced-cluster-security/rhacs-scanner-v4-rhel8", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "openshift4/ose-aws-cluster-api-controllers-rhel9", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "openshift4/ose-ibmcloud-cluster-api-controllers-rhel9", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Dev Spaces", "fix_state" : "Affected", "package_name" : "devspaces/udi-rhel9", "cpe" : "cpe:/a:redhat:openshift_devspaces:3" }, { "product_name" : "Red Hat Trusted Artifact Signer", "fix_state" : "Not affected", "package_name" : "rhtas/client-server-rhel9", "cpe" : "cpe:/a:redhat:trusted_artifact_signer:1" }, { "product_name" : "Red Hat Trusted Artifact Signer", "fix_state" : "Not affected", "package_name" : "rhtas/cosign-rhel9", "cpe" : "cpe:/a:redhat:trusted_artifact_signer:1" }, { "product_name" : "Red Hat Trusted Artifact Signer", "fix_state" : "Not affected", "package_name" : "rhtas/gitsign-rhel9", "cpe" : "cpe:/a:redhat:trusted_artifact_signer:1" }, { "product_name" : "Red Hat Trusted Artifact Signer", "fix_state" : "Not affected", "package_name" : "rhtas/policy-controller-rhel9", "cpe" : "cpe:/a:redhat:trusted_artifact_signer:1" }, { "product_name" : "Zero Trust Workload Identity Manager - Tech Preview", "fix_state" : "Will not fix", "package_name" : "zero-trust-workload-identity-manager/spiffe-spire-agent-rhel9", "cpe" : "cpe:/a:redhat:zero_trust_workload_identity_manager:0" }, { "product_name" : "Zero Trust Workload Identity Manager - Tech Preview", "fix_state" : "Will not fix", "package_name" : "zero-trust-workload-identity-manager/spiffe-spire-oidc-discovery-provider-rhel9", "cpe" : "cpe:/a:redhat:zero_trust_workload_identity_manager:0" }, { "product_name" : "Zero Trust Workload Identity Manager - Tech Preview", "fix_state" : "Will not fix", "package_name" : "zero-trust-workload-identity-manager/spiffe-spire-server-rhel9", "cpe" : "cpe:/a:redhat:zero_trust_workload_identity_manager:0" }, { "product_name" : "Zero Trust Workload Identity Manager - Tech Preview", "fix_state" : "Affected", "package_name" : "zero-trust-workload-identity-manager/zero-trust-workload-identity-manager-operator-bundle", "cpe" : "cpe:/a:redhat:zero_trust_workload_identity_manager:0" }, { "product_name" : "Zero Trust Workload Identity Manager - Tech Preview", "fix_state" : "Will not fix", "package_name" : "zero-trust-workload-identity-manager/zero-trust-workload-identity-manager-rhel9", "cpe" : "cpe:/a:redhat:zero_trust_workload_identity_manager:0" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-66564\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-66564\nhttps://github.com/sigstore/timestamp-authority/commit/0cae34e197d685a14904e0bad135b89d13b69421\nhttps://github.com/sigstore/timestamp-authority/security/advisories/GHSA-4qg8-fj49-pxjh" ], "name" : "CVE-2025-66564", "csaw" : false }