CVE-2025-8396
EPSS 0.14%Temporal OSS Server Vulnerable to Allocation of Resources Without Limits or Throttling
發布日:2025/9/15修改日:2026/2/4
描述
Insufficiently specific bounds checking on authorization header could lead to denial of service in the Temporal server on all platforms due to excessive memory allocation. This issue affects all platforms and versions of OSS Server prior to 1.26.3, 1.27.3, and 1.28.1 (i.e., fixed in 1.26.3, 1.27.3, and 1.28.1 and later). Temporal Cloud services are not impacted.
受影響套件(2)
- Go/go.temporal.io/serverfrom 0, < 1.26.3
- Go/go.temporal.io/serverfrom 0, < 1.26.3, >= 1.27.0-126.0, < 1.27.3, >= 1.28.0-129.0, < 1.28.1
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L |
參考連結(6)
- ADVISORYhttps://github.com/advisories/GHSA-p768-c3pr-6459
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2025-8396
- PATCHhttps://github.com/temporalio/temporal
- WEBhttps://github.com/temporalio/temporal/releases/tag/v1.26.3
- WEBhttps://github.com/temporalio/temporal/releases/tag/v1.27.3
- WEBhttps://github.com/temporalio/temporal/releases/tag/v1.28.1