Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2026-23991

Опубликовано: 22 янв. 2026
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS3: 5.9

Описание

go-tuf is a Go implementation of The Update Framework (TUF). Starting in version 2.0.0 and prior to version 2.3.1, if the TUF repository (or any of its mirrors) returns invalid TUF metadata JSON (valid JSON but not well formed TUF metadata), the client will panic during parsing, causing a denial of service. The panic happens before any signature is validated. This means that a compromised repository/mirror/cache can DoS clients without having access to any signing key. Version 2.3.1 fixes the issue. No known workarounds are available.

РелизСтатусПримечание
devel

needs-triage

esm-apps/noble

needs-triage

jammy

DNE

noble

needs-triage

questing

needs-triage

upstream

needs-triage

Показывать по

Ссылки на источники

EPSS

Процентиль: 4%
0.0002
Низкий

5.9 Medium

CVSS3

Связанные уязвимости

nvd логотип

CVE-2026-23991

CVSS3: 5.9
nvd
17 дней назад

go-tuf is a Go implementation of The Update Framework (TUF). Starting in version 2.0.0 and prior to version 2.3.1, if the TUF repository (or any of its mirrors) returns invalid TUF metadata JSON (valid JSON but not well formed TUF metadata), the client will panic during parsing, causing a denial of service. The panic happens before any signature is validated. This means that a compromised repository/mirror/cache can DoS clients without having access to any signing key. Version 2.3.1 fixes the issue. No known workarounds are available.

debian логотип

CVE-2026-23991

CVSS3: 5.9
debian
17 дней назад

go-tuf is a Go implementation of The Update Framework (TUF). Starting ...

github логотип

GHSA-846p-jg2w-w324

CVSS3: 5.9
github
17 дней назад

go-tuf affected by client DoS via malformed server response

fstec логотип

BDU:2026-01060

CVSS3: 5.9
fstec
20 дней назад

Уязвимость функции metadata.checkType() фреймворка для обеспечения безопасности систем обновления программного обеспечения go-tuf, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 4%
0.0002
Низкий

5.9 Medium

CVSS3