CVE-2026-31961
Unbounded Memory Allocation in Quill Causes Denial of Service
Publication date: 2026-03-11
Last updated on: 2026-03-16
Assigner: GitHub, Inc.
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| anchore | quill | up to 0.7.1 (exclusive) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-770 | The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated. |
Attack-Flow Graph
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation step is to upgrade Quill to v0.7.1 or later, where this vulnerability has been fixed.
Since no workarounds are available, avoid processing untrusted Mach-O binaries with vulnerable versions of Quill.
Additionally, restrict access to environments where Quill processes Mach-O binaries to trusted users and inputs only, to reduce the risk of exploitation.
Can you explain this vulnerability to me?
CVE-2026-31961 is a vulnerability in Quill versions before v0.7.1 that involves unbounded memory allocation when parsing Mach-O binaries. Quill reads size and count fields from the LC_CODE_SIGNATURE load command and the embedded code signing structures without validating whether these values are reasonable or consistent with the actual file size.
An attacker can craft a malicious Mach-O binary with extremely large values in these fields, causing Quill to allocate excessive memory buffers. This leads to memory exhaustion and denial of service, potentially crashing the host process.
The vulnerability affects both the Quill CLI and Go library when processing untrusted Mach-O files, and exploitation typically requires that Quill processes an attacker-supplied Mach-O binary, such as in CI/CD pipelines or shared signing services.
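Quill is written in Go, so the kind of bounds check that closes this class of bug is shown below in Go as an added example; it is not Quill's own code or its actual fix. The `codeSigRange` and `sampleImage` names, the `maxCodeSigBytes` ceiling, and the fixture bytes are assumptions constructed for the demonstration; the Mach-O header and `linkedit_data_command` layouts are the standard ones.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)
const (
	magic64         = 0xfeedfacf // MH_MAGIC_64 for a little-endian image; ncmds sits at offset 16
	hdrSize64       = 32         // sizeof(mach_header_64)
	lcCodeSignature = 0x1d       // LC_CODE_SIGNATURE, laid out as a linkedit_data_command
	maxCodeSigBytes = 16 << 20   // assumed ceiling for a signature blob, not Quill's own value
)
var le = binary.LittleEndian
// codeSigRange walks the load commands of a 64-bit Mach-O image and returns the LC_CODE_SIGNATURE
// dataoff/datasize only after a ceiling check and a file-length check, so no buffer is sized from raw fields.
func codeSigRange(img []byte) (dataoff, datasize uint32, err error) {
	n := uint64(len(img))
	if n < hdrSize64 || le.Uint32(img) != magic64 {
		return 0, 0, errors.New("not a little-endian 64-bit Mach-O image")
	}
	for i, off := uint32(0), uint64(hdrSize64); i < le.Uint32(img[16:]) && off+8 <= n; i++ {
		cmd, cmdsize := le.Uint32(img[off:]), uint64(le.Uint32(img[off+4:]))
		if cmdsize < 8 || off+cmdsize > n {
			return 0, 0, fmt.Errorf("load command %d has bad cmdsize %d", i, cmdsize)
		}
		if cmd == lcCodeSignature && cmdsize >= 16 {
			dataoff, datasize = le.Uint32(img[off+8:]), le.Uint32(img[off+12:])
			// The check that matters: 64-bit arithmetic so the sum cannot wrap, applied before any allocation.
			if datasize > maxCodeSigBytes || uint64(dataoff)+uint64(datasize) > n {
				return 0, 0, fmt.Errorf("signature dataoff=%d datasize=%d rejected for %d-byte file", dataoff, datasize, n)
			}
			return dataoff, datasize, nil
		}
		off += cmdsize
	}
	return 0, 0, errors.New("no complete LC_CODE_SIGNATURE load command")
}
// sampleImage is a constructed fixture: header (ncmds=1, sizeofcmds=16), one LC_CODE_SIGNATURE
// carrying the given fields, then blobLen filler bytes standing in for the signature blob.
func sampleImage(dataoff, datasize uint32, blobLen int) []byte {
	img := make([]byte, hdrSize64+16+blobLen)
	for off, v := range map[int]uint32{0: magic64, 16: 1, 20: 16, 32: lcCodeSignature, 36: 16, 40: dataoff, 44: datasize} {
		le.PutUint32(img[off:], v)
	}
	return img
}
func main() {
	fmt.Println(codeSigRange(sampleImage(48, 64, 64)))         // accepted: 48+64 == 112 == len(img)
	fmt.Println(codeSigRange(sampleImage(48, 0xffffffff, 64))) // rejected before any buffer is sized
}
```

The same guard applies to every count or length field in the embedded code signing structures: compare against the bytes actually present and a fixed ceiling, then allocate.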
How can this vulnerability impact me?
This vulnerability can impact you by causing a denial of service through memory exhaustion. When Quill processes a specially crafted malicious Mach-O binary, it may attempt to allocate excessive memory, which can crash the host process running Quill.
Such an impact is particularly relevant in environments where Quill processes externally submitted binaries, such as CI/CD pipelines or shared signing services, potentially disrupting automated workflows or services.
The vulnerability affects availability but does not compromise confidentiality or integrity.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability occurs when Quill processes attacker-supplied Mach-O binaries containing maliciously crafted size and count fields. Detection involves identifying if your environment uses Quill versions prior to v0.7.1 to parse or sign Mach-O binaries, especially in CI/CD pipelines, shared signing services, or workflows accepting external binaries.
Since the vulnerability is triggered by processing malicious Mach-O files, you can detect potential exploitation attempts by monitoring for crashes or memory exhaustion in Quill processes.
There are no specific commands provided in the resources to detect this vulnerability directly. However, you can check the installed Quill version with a command like:
- `quill --version`
To detect suspicious Mach-O binaries, you might use file inspection tools to analyze Mach-O files before processing, but no specific commands for this vulnerability are given.