Описание
jose2go vulnerable to denial of service via large p2c value
The jose2go component before 1.6.0 for Go allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2023-50658
- https://github.com/dvsekhvalnov/jose2go/issues/31
- https://github.com/dvsekhvalnov/jose2go/commit/a4584e9dd7128608fedbc67892eba9697f0d5317
- https://github.com/dvsekhvalnov/jose2go/compare/v1.5.0...v1.6.0
- https://pkg.go.dev/vuln/GO-2023-2409
- https://www.blackhat.com/us-23/briefings/schedule/#three-new-attacks-against-json-web-tokens-31695
Пакеты
Наименование
github.com/dvsekhvalnov/jose2go
go
Затронутые версииВерсия исправления
< 1.6.0
1.6.0
Связанные уязвимости
CVSS3: 7.5
ubuntu
почти 2 года назад
The jose2go component before 1.6.0 for Go allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value.
CVSS3: 7.5
nvd
почти 2 года назад
The jose2go component before 1.6.0 for Go allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value.
CVSS3: 7.5
debian
почти 2 года назад
The jose2go component before 1.6.0 for Go allows attackers to cause a ...