Описание
Duplicate Advisory: Denial of service when decrypting attack controlled input in github.com/dvsekhvalnov/jose2go
Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-6294-6rgp-fr7r. This link is maintained to preserve external references.
Original Description
An attacker controlled input of a PBES2 encrypted JWE blob can have a very large p2c value that, when decrypted, produces a denial-of-service.
Пакеты
Наименование
github.com/dvsekhvalnov/jose2go
go
Затронутые версииВерсия исправления
< 1.5.1-0.20231206184617-48ba0b76bc88
1.5.1-0.20231206184617-48ba0b76bc88
5.3 Medium
CVSS3
Дефекты
CWE-400
5.3 Medium
CVSS3
Дефекты
CWE-400