Описание
go-jose before 1.0.5 suffers from a CBC-HMAC integer overflow on 32-bit architectures. An integer overflow could lead to authentication bypass for CBC-HMAC encrypted ciphertexts on 32-bit architectures.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| golang-gopkg-square-go-jose.v1 | fixed | 1.0.5-1 | package |
EPSS
Процентиль: 50%
0.00274
Низкий
Связанные уязвимости
CVSS3: 7.5
ubuntu
почти 9 лет назад
go-jose before 1.0.5 suffers from a CBC-HMAC integer overflow on 32-bit architectures. An integer overflow could lead to authentication bypass for CBC-HMAC encrypted ciphertexts on 32-bit architectures.
CVSS3: 7.5
nvd
почти 9 лет назад
go-jose before 1.0.5 suffers from a CBC-HMAC integer overflow on 32-bit architectures. An integer overflow could lead to authentication bypass for CBC-HMAC encrypted ciphertexts on 32-bit architectures.
EPSS
Процентиль: 50%
0.00274
Низкий