CVE-2025-1057: Keylime registrar is vulnerable to Denial-of-Service attack when updated to version 7.12.0
The Keylime registrar implemented stricter type checking in version 7.12.0. As a result, a registrar upgraded to 7.12.0 does not accept the format of the data previously stored in its database by versions 7.8.0 and later (prior to 7.12.0), and raises an exception when it reads such records. This makes the Keylime registrar vulnerable to a denial-of-service attack in an upgrade scenario: while the registrar is still running a version below 7.12.0, an attacker can populate its database by creating many valid agent registrations with different UUIDs. Once the registrar is upgraded to 7.12.0, any database query that matches one of the entries populated by the attacker fails.
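The failure mode described above is a general one: a release tightens the type contract on persisted data, and rows written by an earlier release now raise on read, so whichever query touches them fails as a whole. The following toy model illustrates it and the two checks a practitioner would want around an upgrade like this. It is an added example, not Keylime code: the table name `registrarmain`, the `regcount` column, the "old writer stores a string, new writer stores an integer" encoding, and the agent identifiers are hypothetical stand-ins chosen for illustration, not the project's actual schema or format.

```python
"""Toy model of a registrar whose upgraded decoder enforces stricter types
on rows written by an older release. Added example, not Keylime code; the
table, column names and encodings are hypothetical stand-ins."""
import sqlite3
from dataclasses import dataclass
from typing import Callable, Optional


@dataclass
class AgentRecord:
    agent_id: str
    regcount: int


# Columns are declared without a type so SQLite stores exactly what it is given:
# legacy rows keep their TEXT regcount, new rows get an INTEGER (hypothetical encodings).
SCHEMA = "CREATE TABLE registrarmain (agent_id PRIMARY KEY, regcount)"
Decoder = Callable[[tuple], AgentRecord]


def legacy_register(conn: sqlite3.Connection, agent_id: str) -> None:
    """Pre-upgrade writer (hypothetical): persists regcount as a string."""
    conn.execute("INSERT INTO registrarmain VALUES (?, ?)", (agent_id, "1"))


def current_register(conn: sqlite3.Connection, agent_id: str) -> None:
    """Post-upgrade writer (hypothetical): persists regcount as an integer."""
    conn.execute("INSERT INTO registrarmain VALUES (?, ?)", (agent_id, 1))


def strict_decode(row: tuple) -> AgentRecord:
    """Upgraded decoder: a legacy TEXT value is not an int, so the whole row raises."""
    agent_id, regcount = row
    if not isinstance(regcount, int):
        raise TypeError(f"agent {agent_id}: regcount stored as "
                        f"{type(regcount).__name__}, expected int")
    return AgentRecord(agent_id, regcount)


def tolerant_decode(row: tuple) -> AgentRecord:
    """Same type contract, but with an explicit path for the known legacy encoding."""
    agent_id, regcount = row
    if isinstance(regcount, str) and regcount.isdigit():
        regcount = int(regcount)  # convert the legacy string form instead of failing
    if not isinstance(regcount, int):
        raise TypeError(f"agent {agent_id}: unrecognised regcount encoding")
    return AgentRecord(agent_id, regcount)


def get_agent(conn: sqlite3.Connection, agent_id: str,
              decode: Decoder) -> Optional[AgentRecord]:
    """Single-agent lookup: fails only if this agent's row is in the legacy format."""
    row = conn.execute("SELECT agent_id, regcount FROM registrarmain WHERE agent_id = ?",
                       (agent_id,)).fetchone()
    return decode(row) if row else None


def list_agents(conn: sqlite3.Connection, decode: Decoder) -> list[AgentRecord]:
    """Bulk query: with strict_decode, one legacy row in the result set fails the whole call."""
    rows = conn.execute("SELECT agent_id, regcount FROM registrarmain").fetchall()
    return [decode(r) for r in rows]


def count_legacy_rows(conn: sqlite3.Connection) -> int:
    """Pre-upgrade check: rows still carrying the old encoding (typeof() is SQLite's storage class)."""
    return conn.execute(
        "SELECT COUNT(*) FROM registrarmain WHERE typeof(regcount) = 'text'").fetchone()[0]


def build_scenario(n_attacker: int) -> sqlite3.Connection:
    """Constructed scenario: the attacker fills the DB before the upgrade, one honest agent registers after."""
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    for i in range(n_attacker):
        legacy_register(conn, f"attacker-{i:04d}")  # hypothetical UUID stand-ins
    current_register(conn, "honest-agent")
    conn.commit()
    return conn


if __name__ == "__main__":
    conn = build_scenario(50)
    print("legacy rows before upgrade:", count_legacy_rows(conn))
    print("honest lookup, strict decoder:", get_agent(conn, "honest-agent", strict_decode))
    try:
        list_agents(conn, strict_decode)
    except TypeError as exc:
        print("list_agents with strict decoder failed:", exc)
    print("list_agents with tolerant decoder:", len(list_agents(conn, tolerant_decode)))
```

The point of the model is the blast radius: a lookup of the honest agent still works after the upgrade, but every query whose result set includes one of the attacker's pre-upgrade rows raises, which is exactly what lets cheap registrations made before the upgrade deny service afterwards. `count_legacy_rows` is the kind of pre-upgrade check that would have surfaced the problem, and `tolerant_decode` shows that tightening a type contract and keeping a conversion path for the known legacy encoding are not mutually exclusive.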