Cosign · CVE-2022-36056
**Name of the Vulnerable Software and Affected Versions**
cosign versions prior to 1.12.0
**Description**
A number of issues have been found in cosign verify-blob, where cosign would successfully verify an artifact when verification should have failed. These issues include:
- a cosign bundle can be crafted to successfully verify a blob even if the embedded rekorBundle does not reference the given signature,
- when providing identity flags, the email and issuer of a certificate are not checked when verifying a Rekor bundle, and the GitHub Actions identity is never checked,
- providing an invalid Rekor bundle without the experimental flag results in a successful verification,
- an invalid transparency log entry will result in immediate success for verification.
**Recommendations**
For versions prior to 1.12.0, update to version 1.12.0 to resolve the issues.
As a temporary workaround for the first issue, consider extracting the signature and certificate from the bundle and using them for verification instead of the bundle, by running `cosign verify-blob blob1 --signature $(jq -r '.base64Signature' bundle1) --certificate $(jq -r '.cert' bundle1)`.
However, note that this workaround may make a network call to Rekor and could be subject to the fourth issue.
For the other issues, there are no workarounds, and users should update to version 1.12.0.
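The first issue above (a bundle whose embedded rekorBundle does not reference the given signature) and the workaround of pulling the signature and certificate out of the bundle both come down to one question: do the top-level bundle fields agree with the transparency log entry embedded in it? The following Python is an added example, not code from the cosign project or from this advisory. It assumes the cosign bundle layout (`base64Signature`, `cert`, and `rekorBundle.Payload.body` holding a base64-encoded `hashedrekord` entry whose `spec.signature.content`, `spec.signature.publicKey.content` and `spec.data.hash` describe the signature, certificate and artifact). The sample blob, signature and certificate are constructed placeholders, not real cryptographic material. The check only reports structural mismatches; it does not verify the signature, the certificate chain or the signed entry timestamp, which is still cosign's job after updating to 1.12.0.

```python
import base64
import hashlib
import json

# Constructed sample inputs (not a real signature or certificate): the blob that
# was "signed", a placeholder signature and a placeholder certificate.
BLOB = b"hello artifact\n"
SIG_B64 = base64.b64encode(b"constructed-signature-bytes").decode()
CERT_B64 = base64.b64encode(
    b"-----BEGIN CERTIFICATE-----\nconstructed\n-----END CERTIFICATE-----\n"
).decode()


def make_bundle(sig_b64, cert_b64, blob, entry_sig_b64=None):
    """Build a cosign-style bundle dict with an embedded hashedrekord entry.

    entry_sig_b64 lets the caller embed a Rekor entry that references a
    different signature than the top-level base64Signature, which is the
    crafted-bundle shape described in the advisory (assumed layout).
    """
    entry = {
        "apiVersion": "0.0.1",
        "kind": "hashedrekord",
        "spec": {
            "data": {
                "hash": {"algorithm": "sha256", "value": hashlib.sha256(blob).hexdigest()}
            },
            "signature": {
                "content": entry_sig_b64 or sig_b64,
                "publicKey": {"content": cert_b64},
            },
        },
    }
    return {
        "base64Signature": sig_b64,
        "cert": cert_b64,
        "rekorBundle": {
            "SignedEntryTimestamp": "<SET omitted: constructed sample>",
            "Payload": {
                "body": base64.b64encode(json.dumps(entry).encode()).decode(),
                "integratedTime": 0,
                "logIndex": 0,
                "logID": "<constructed>",
            },
        },
    }


def check_bundle_consistency(bundle, blob):
    """Return a list of mismatches between the bundle fields and its Rekor entry.

    An empty list means the embedded entry references the same signature and
    certificate as the bundle and commits to the sha256 of the given blob.
    This is a structural check only; cryptographic verification is separate.
    """
    problems = []
    rekor = bundle.get("rekorBundle")
    if not rekor:
        return ["no rekorBundle embedded"]
    try:
        body = json.loads(base64.b64decode(rekor["Payload"]["body"]))
    except (KeyError, TypeError, ValueError) as exc:
        return [f"rekorBundle body is not decodable: {exc}"]
    if body.get("kind") != "hashedrekord":
        return [f"unexpected entry kind: {body.get('kind')!r}"]
    spec = body.get("spec", {})
    sig = spec.get("signature", {})
    if sig.get("content") != bundle.get("base64Signature"):
        problems.append("rekor entry signature does not match bundle base64Signature")
    if sig.get("publicKey", {}).get("content") != bundle.get("cert"):
        problems.append("rekor entry public key does not match bundle cert")
    entry_hash = spec.get("data", {}).get("hash", {})
    if entry_hash.get("algorithm") != "sha256" or entry_hash.get("value") != hashlib.sha256(blob).hexdigest():
        problems.append("rekor entry hash does not match the blob")
    return problems


# A consistent bundle, and a crafted one whose embedded entry points at a
# different signature than the one the verifier is handed.
GOOD_BUNDLE = make_bundle(SIG_B64, CERT_B64, BLOB)
OTHER_SIG_B64 = base64.b64encode(b"some-other-signature").decode()
CRAFTED_BUNDLE = make_bundle(SIG_B64, CERT_B64, BLOB, entry_sig_b64=OTHER_SIG_B64)

if __name__ == "__main__":
    for name, bundle in (("good", GOOD_BUNDLE), ("crafted", CRAFTED_BUNDLE)):
        print(name, check_bundle_consistency(bundle, BLOB) or "consistent")
```

A consistent result here is necessary but not sufficient: the signature must still verify over the blob with the certificate, the certificate must chain to Fulcio and carry the expected identity, and the signed entry timestamp must verify against the Rekor log key, all of which cosign 1.12.0 performs.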