CVE-2025-8396

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-8396
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-8396.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-8396
Aliases
Related
Published
2025-09-15T15:15:55Z
Modified
2025-09-17T17:57:21.447412Z
Summary
[none]
Details

Insufficiently specific bounds checking on the authorization header could lead to denial of service in the Temporal server on all platforms due to excessive memory allocation. This issue affects all platforms and versions of OSS Server prior to 1.26.3, 1.27.3, and 1.28.1 (i.e., fixed in 1.26.3, 1.27.3, and 1.28.1 and later). Temporal Cloud services are not impacted.

References

Affected packages

Git / github.com/temporalio/temporal

Affected ranges

Type
GIT
Repo
https://github.com/temporalio/temporal
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed
Fixed

Affected versions

Other

dummy-tag
norbert-109
norbert/wip

v.*

v.0.29.0

v0.*

v0.1.0-beta
v0.1.1-beta
v0.10.0
v0.12.0
v0.2.0
v0.20.0
v0.21.0
v0.21.1
v0.23.0
v0.23.1
v0.25.0
v0.26.0
v0.27.0
v0.28.0
v0.3.0
v0.3.1
v0.3.11
v0.3.12
v0.3.13
v0.3.14
v0.3.15
v0.3.2
v0.3.3
v0.3.4
v0.3.5
v0.3.6
v0.3.7
v0.3.8
v0.3.9
v0.30.0
v0.31.0
v0.4.0
v0.5.3
v0.5.4
v0.5.5
v0.8.0
v0.8.1

v1.*

v1.0.0
v1.0.0-rc1
v1.1.0
v1.10.0
v1.11.0
v1.12.0
v1.13.0
v1.15.0
v1.16.0
v1.18.0
v1.20.0
v1.22.0-rc1
v1.23.0-rc0
v1.23.0-rc1
v1.23.0-rc2
v1.24.0-m1
v1.24.0-m2.1
v1.24.0-m2.2
v1.24.0-m3.0
v1.25.0-113.0
v1.25.0-114.0
v1.25.0-115.0
v1.25.0-116.0
v1.25.0-117.0
v1.25.0-118.0
v1.25.0-119.0
v1.25.0-rc.1
v1.26.0
v1.26.0-120
v1.26.1-121.0
v1.26.2
v1.26.2-121.0
v1.26.2-122.0
v1.26.2-123.0
v1.26.2-124.0
v1.26.2-125.0
v1.26.2-125.1
v1.26.2-rc.0
v1.26.2-rc.2
v1.27.0
v1.27.0-126.0
v1.27.0-127.0
v1.27.0-rc.0
v1.27.1
v1.27.2
v1.28.0
v1.28.0-129.0
v1.28.0-130.0
v1.28.0-131.0
v1.28.0-132.0
v1.28.0-134.2
v1.28.0-134.4
v1.28.0-rc.1
v1.4.0
v1.5.0
v1.6.0
v1.7.0
v1.8.0
v1.9.0