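Parsing a PKIX distinguished name that contains the string "=#" can cause excessive memory consumption, which may result in denial of service for the process doing the parsing. The affected packages and symbols are listed below.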
{
"review_status": "REVIEWED",
"url": "https://pkg.go.dev/vuln/GO-2023-1589"
}{
"imports": [
{
"path": "github.com/notaryproject/notation-go/internal/pkix",
"symbols": [
"ParseDistinguishedName"
]
},
{
"path": "github.com/notaryproject/notation-go/verifier",
"symbols": [
"New",
"NewFromConfig",
"verifier.Verify",
"verifyX509TrustedIdentities"
]
},
{
"path": "github.com/notaryproject/notation-go/verifier/trustpolicy",
"symbols": [
"Document.Validate",
"validateTrustedIdentities"
]
}
]
}