Описание
erlang-jose (aka JOSE for Erlang and Elixir) through 1.11.6 allow attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value in a JOSE header.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| erlang-jose | fixed | 1.11.10-1 | package | |
| erlang-jose | no-dsa | bookworm | package | |
| erlang-jose | no-dsa | bullseye | package | |
| erlang-jose | postponed | buster | package |
Примечания
https://github.com/potatosalad/erlang-jose/issues/156
https://github.com/P3ngu1nW/CVE_Request/blob/main/erlang-jose.md
https://github.com/potatosalad/erlang-jose/commit/718d213f07b08056737923f8063d5df56dcb66ae (1.11.7)
EPSS
Связанные уязвимости
erlang-jose (aka JOSE for Erlang and Elixir) through 1.11.6 allow attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value in a JOSE header.
erlang-jose (aka JOSE for Erlang and Elixir) through 1.11.6 allow attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value in a JOSE header.
erlang-jose (aka JOSE for Erlang and Elixir) through 1.11.6 allow attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value in a JOSE header.
erlang-jose vulnerable to denial of service via large p2c value
EPSS