Trail of Bits

Microsoft/Veraison Go-COSE

Type: Security review
Client: Microsoft
Date: 2022-07
Domain: Crypto
Effort: 4 wks
Section: Cryptography Reviews

Trail of Bits's security review of Microsoft (Jul 2022) identified 3 issues: 1 high, 1 low, and 1 informational.

Findings · 3

  1. Unmarshalling can cause a panic if any header labels are unhashable (High)
  2. crit label is permitted in unvalidated headers (Low)
  3. Generic COSE header types are not validated (Informational)

Findings extracted from the published report PDF. See the full report below for details and remediation.
