CVE-2026-23831— Rekor COSE v0.0.1 Canonicalize crashes when passed empty Message

Rekor COSE v0.0.1 Canonicalize crashes when passed empty Message

Rekor is a software supply chain transparency log. In versions 1.4.3 and below, the entry implementation can panic on attacker-controlled input when canonicalizing a proposed entry with an empty spec.message, causing nil Pointer Dereference. Function validate() returns nil (success) when message is empty, leaving sign1Msg uninitialized, and Canonicalize() later dereferences v.sign1Msg.Payload. A malformed proposed entry of the cose/v0.0.1 type can cause a panic on a thread within the Rekor process. The thread is recovered so the client receives a 500 error message and service still continues, so the availability impact of this is minimal. This issue has been fixed in version 1.5.0.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

空指针解引用

Rekor 代码问题漏洞

Rekor是sigstore开源的一款开源软件，能够为软件项目供应链中生成的元数据提供一个不可变的防篡改分类账。 Rekor 1.4.3及之前版本存在代码问题漏洞，该漏洞源于处理空消息时未初始化sign1Msg，可能导致空指针取消引用。

N/A

N/A