TUF (aka The Update Framework) 0.7.2 through 0.12.1 Uncontrolled Resource Consumption Vulnerability
While maximum file size is restricted for downloading, the client may attempt to validate a large number of signatures. We have been able to add over 500 copies of the same invalid signature into the root.json file, which results in the client attempting to validate each one, spending several minutes on validation. The file size limit of target.json is larger and may allow up to 5000 signatures, further increasing the amount of time spent in validation.
The information has been provided by Erik MacLean.
The original article can be found at: https://github.com/theupdateframework/tuf/issues/973
TUF (aka The Update Framework) 0.7.2 through 0.12.1 allows Uncontrolled Resource Consumption.
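One way a client can bound the validation work described above, shown as an added example (not code from TUF or from the original report): entries with unknown or repeated key IDs are dropped using cheap checks, so the number of cryptographic verifications never exceeds the number of trusted keys. The function names, key IDs and the stand-in verifier are assumptions made for illustration.

```python
# Added example; all names are hypothetical and this is not the TUF client API.

def select_signatures(signatures, trusted_keys):
    """Keep at most one signature entry per trusted keyid.

    Only dictionary lookups are used here, so duplicate or unknown-key
    entries are discarded before any expensive verification runs.
    The first entry per keyid wins; a stricter client could instead
    reject the whole file when a keyid repeats.
    """
    selected = {}
    for entry in signatures:
        if not isinstance(entry, dict):
            continue  # malformed entry
        keyid = entry.get("keyid")
        if not isinstance(keyid, str):
            continue  # keyid must be a string to be looked up
        if keyid in trusted_keys and keyid not in selected:
            selected[keyid] = entry
    return list(selected.values())


def count_valid(signed_bytes, signatures, trusted_keys, verify):
    """Return (valid_signatures, verify_calls); calls <= len(trusted_keys)."""
    valid = calls = 0
    for entry in select_signatures(signatures, trusted_keys):
        calls += 1
        if verify(trusted_keys[entry["keyid"]], entry.get("sig"), signed_bytes):
            valid += 1
    return valid, calls


def verify_stand_in(public_key, sig, data):
    # Stand-in for a costly public-key check; real code calls a crypto library.
    return sig == "valid-for-" + public_key


def demo():
    # Constructed sample: 500 copies of one invalid signature, as in the
    # report, plus one valid signature and one from an unknown key.
    trusted_keys = {"key-a": "pub-a", "key-b": "pub-b"}
    signatures = [{"keyid": "key-a", "sig": "00"}] * 500
    signatures.append({"keyid": "key-b", "sig": "valid-for-pub-b"})
    signatures.append({"keyid": "unknown", "sig": "ff"})
    return count_valid(b"{}", signatures, trusted_keys, verify_stand_in)


if __name__ == "__main__":
    print(demo())
```

The caller compares the returned valid count against the role's threshold; verification cost is then set by the trusted key set rather than by the length of the signatures list.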