INFSA-2025:7467: skopeo security update
Information about definition
Identificator: INFSA-2025:7467
Type: security
Release date: 2025-07-15 19:28:07 UTC
Information about package
The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify files.
Vulnerabilities description
- CVE-2025-27144
A flaw was found in GO-JOSE. In affected versions, when parsing compact JWS or JWE input, Go JOSE could use excessive memory. The code uses strings.Split(token, ".") to split JWT tokens, which is vulnerable to excessive memory consumption when processing maliciously crafted tokens with a large number of . characters. This issue could be exploied by sending numerous malformed tokens, leading to memory exhaustion and a Denial of Service.
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|
Updated packages