Sigstore Fulcio Excessive Memory Allocation Vulnerability in OIDC Token Parsing
Vulnerability
A vulnerability in Sigstore Fulcio prior to version 1.8.3 allows for excessive memory allocation during the parsing of OpenID Connect (OIDC) identity tokens. The issue arises in the 'identity.extractIssuerURL' function, which splits untrusted data on period characters. This flaw can be exploited by sending a malicious OIDC token containing numerous periods, leading to memory allocations proportional to the token's length, with a constant overhead. This behavior creates an asymmetric resource consumption issue, amplifying the impact on availability.
Impact
Exploitation of this vulnerability causes excessive memory allocation, which can lead to denial-of-service conditions by exhausting available system resources.
Remediation
Users can upgrade to Sigstore Fulcio version 1.8.3 or later to address this vulnerability.
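The pattern behind the advisory is a split on untrusted input whose allocation count grows with the number of separators. The following Go example is added here and is not Fulcio's code: `naiveSegmentCount` reproduces the unbounded pattern for contrast, and `boundedJWTParts` (a hypothetical name) shows the defensive shape, with an assumed `maxTokenLen` cap and a separator count checked before any split so a period-heavy token is rejected at constant cost.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// maxTokenLen is an assumed upper bound on an OIDC token accepted for parsing
// (constructed value for this example; not a Fulcio constant).
const maxTokenLen = 8 * 1024

// naiveSegmentCount mirrors the risky pattern the advisory describes:
// splitting untrusted input on every period allocates one string header per
// piece, so a token of N periods costs N+1 elements regardless of validity.
func naiveSegmentCount(token string) int {
	return len(strings.Split(token, "."))
}

// boundedJWTParts enforces the JWT shape up front: a length cap and exactly
// three period-separated segments, checked with strings.Count before any
// splitting, so a period-heavy token is rejected without proportional allocation.
func boundedJWTParts(token string) ([]string, error) {
	if len(token) > maxTokenLen {
		return nil, errors.New("token exceeds maximum length")
	}
	if n := strings.Count(token, "."); n != 2 {
		return nil, fmt.Errorf("expected 2 period separators, got %d", n)
	}
	parts := strings.SplitN(token, ".", 3)
	for i, p := range parts {
		if p == "" {
			return nil, fmt.Errorf("segment %d is empty", i)
		}
	}
	return parts, nil
}

func main() {
	// Constructed inputs: a well-formed three-segment shape and a period-heavy one.
	good := "aGVhZGVy.cGF5bG9hZA.c2lnbmF0dXJl"
	bad := strings.Repeat(".", 100000)
	fmt.Println("naive split pieces for hostile input:", naiveSegmentCount(bad))
	if _, err := boundedJWTParts(bad); err != nil {
		fmt.Println("bounded parser rejected hostile input:", err)
	}
	parts, _ := boundedJWTParts(good)
	fmt.Println("bounded parser accepted:", len(parts), "segments")
}
```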