Home > Vulnerability Database > CVE-2023-33199

Mend.io Vulnerability Database

CVE-2023-33199

Good to know:

Date: May 26, 2023

Rekor's goals are to provide an immutable tamper resistant ledger of metadata generated within a software projects supply chain. A malformed proposed entry of the "intoto/v0.0.2" type can cause a panic on a thread within the Rekor process. The thread is recovered so the client receives a 500 error message and service still continues, so the availability impact of this is minimal. This has been fixed in v1.2.0 of Rekor. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Language: Go

Severity Score

5.3

Related Resources (5)

Url: https://github.com/sigstore/rekor/commit/140c5add105179e5ffd9e3e114fd1b6b93aebbd4

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-33199

Url: https://github.com/sigstore/rekor/security/advisories/GHSA-frqx-jfcm-6jjr

Url: https://github.com/sigstore/rekor

Url: https://www.mend.io/vulnerability-database/CVE-2023-33199

Severity Score

5.3

Weakness Type (CWE)

Reachable Assertion

CWE-617

Top Fix

Upgrade Version

Upgrade to version github.com/sigstore/rekor - v1.2.0

Learn More

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2023-33199

Good to know:

Date: May 26, 2023

Language: Go

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?