DEBIAN-CVE-2026-23831
- Source
- https://security-tracker.debian.org/tracker/CVE-2026-23831
- Import Source
- https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-23831.json
- JSON Data
- https://api.osv.dev/v1/vulns/DEBIAN-CVE-2026-23831
- Upstream
- Published
- 2026-01-22T22:16:19.523Z
- Modified
- 2026-01-23T11:16:47.841833Z
- Severity
-
- 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
- Summary
- [none]
- Details
-
Rekor is a software supply chain transparency log. In versions 1.4.3 and below, the entry implementation can panic on attacker-controlled input when canonicalizing a proposed entry with an empty spec.message, causing nil Pointer Dereference. Function validate() returns nil (success) when message is empty, leaving sign1Msg uninitialized, and Canonicalize() later dereferences v.sign1Msg.Payload. A malformed proposed entry of the cose/v0.0.1 type can cause a panic on a thread within the Rekor process. The thread is recovered so the client receives a 500 error message and service still continues, so the availability impact of this is minimal. This issue has been fixed in version 1.5.0.
- References
Affected packages
Debian:13 / rekor
Package
- Name
- rekor
- Purl
- pkg:deb/debian/rekor?arch=source
Debian:14 / rekor
Package
- Name
- rekor
- Purl
- pkg:deb/debian/rekor?arch=source