Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2024-28180

Опубликовано: 09 мар. 2024
Источник: nvd
CVSS3: 4.3
EPSS Низкий

Описание

Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if the decompressed data would exceed 250kB or 10x the compressed size (whichever is larger). This vulnerability has been patched in versions 4.0.1, 3.0.3 and 2.6.3.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:go-jose_project:go-jose:*:*:*:*:*:*:*:*
Версия от 2.0.0 (включая) до 2.6.3 (исключая)
cpe:2.3:a:go-jose_project:go-jose:*:*:*:*:*:*:*:*
Версия от 3.0.0 (включая) до 3.0.3 (исключая)
cpe:2.3:a:go-jose_project:go-jose:*:*:*:*:*:*:*:*
Версия от 4.0.0 (включая) до 4.0.1 (исключая)
Конфигурация 2
cpe:2.3:o:fedoraproject:fedora:*:*:*:*:*:*:*:*
Версия от 38 (включая) до 40 (включая)

EPSS

Процентиль: 88%
0.03644
Низкий

4.3 Medium

CVSS3

Дефекты

CWE-409

Связанные уязвимости

ubuntu логотип

CVE-2024-28180

CVSS3: 4.3
ubuntu
почти 2 года назад

Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if the decompressed data would exceed 250kB or 10x the compressed size (whichever is larger). This vulnerability has been patched in versions 4.0.1, 3.0.3 and 2.6.3.

redhat логотип

CVE-2024-28180

CVSS3: 4.3
redhat
почти 2 года назад

Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if the decompressed data would exceed 250kB or 10x the compressed size (whichever is larger). This vulnerability has been patched in versions 4.0.1, 3.0.3 and 2.6.3.

msrc логотип

CVE-2024-28180

CVSS3: 4.3
msrc
больше 1 года назад

Описание отсутствует

debian логотип

CVE-2024-28180

CVSS3: 4.3
debian
почти 2 года назад

Package jose aims to provide an implementation of the Javascript Objec ...

suse-cvrf логотип

SUSE-SU-2025:0066-1

suse-cvrf
около 1 года назад

Security update for apptainer

EPSS

Процентиль: 88%
0.03644
Низкий

4.3 Medium

CVSS3

Дефекты

CWE-409