Notation security audit 2023 findings and report

11th July, 2023
Adam Korczynski,
Security Engineering & Security Automation

We are happy to announce the results of our security audit of Notation which we carried out in March and April 2023 for three Notation projects:

  1. notation
  2. notation-go
  3. notation-core-go

Find the full report here: Audit report

Threat Modeling

We threat modelled Notation to formalize an understanding of the threat vectors and actors affecting Notation. The threat modelling highlights the importance of defending from the registry. Notation considers the registry to be fully untrusted, and should defend against any attack vector from it. At the same time, the registry poses a significant attack surface in that Notation interacts with it in several places on its code base.

Notable findings

We found three CVE's during the audit of Low, Moderate and High severity:

  1. CVE-2023-33957:Max allowed signatures could lead to an endless data attack
  2. CVE-2023-33958: Potential endless data attack
  3. CVE-2023-33959: Insufficient verification of fetched artifact descriptor

All vulnerabilities were exposed through an attack surface available by the registry.


We also assessed Notations fuzzing suite which it had developed during its fuzzing audit earlier in 2023. We found that the fuzzer for Notations Verify() API was running slower and we made a number of improvements to it; First, we improved its execution speed ten-fold, taking it from from 164 executions per second to 1761 executions per second. Next, we configured the fuzzer to ignore certain execution paths that are not interesting to test. As such, the end result was that the fuzzer was faster and was executing more meaningful parts of the verification routine. We added all improvements to Notations OSS-Fuzz integration so Notation can benefit from the improvements long term.


SLSA is a framework for identifying supply-chain risks from using software artifacts. The framework emphasises the importance of distributing provenance attestations alongside artifacts, so that consumers can verify them before consuming. SLSA aims to defend against a series of known supply chain threats, and as part of the audit we assessed how Notation performs against the SLSA framework. The high-level observation is that Notation is lacking the provenance statement which we recommend attaching to releases.