Количество 10
Количество 10
CVE-2023-37464
OpenIDC/cjose is a C library implementing the Javascript Object Signing and Encryption (JOSE). The AES GCM decryption routine incorrectly uses the Tag length from the actual Authentication Tag provided in the JWE. The spec says that a fixed length of 16 octets must be applied. Therefore this bug allows an attacker to provide a truncated Authentication Tag and to modify the JWE accordingly. Users should upgrade to a version >= 0.6.2.2. Users unable to upgrade should avoid using AES GCM encryption and replace it with another encryption algorithm (e.g. AES CBC).
CVE-2023-37464
OpenIDC/cjose is a C library implementing the Javascript Object Signing and Encryption (JOSE). The AES GCM decryption routine incorrectly uses the Tag length from the actual Authentication Tag provided in the JWE. The spec says that a fixed length of 16 octets must be applied. Therefore this bug allows an attacker to provide a truncated Authentication Tag and to modify the JWE accordingly. Users should upgrade to a version >= 0.6.2.2. Users unable to upgrade should avoid using AES GCM encryption and replace it with another encryption algorithm (e.g. AES CBC).
CVE-2023-37464
OpenIDC/cjose is a C library implementing the Javascript Object Signing and Encryption (JOSE). The AES GCM decryption routine incorrectly uses the Tag length from the actual Authentication Tag provided in the JWE. The spec says that a fixed length of 16 octets must be applied. Therefore this bug allows an attacker to provide a truncated Authentication Tag and to modify the JWE accordingly. Users should upgrade to a version >= 0.6.2.2. Users unable to upgrade should avoid using AES GCM encryption and replace it with another encryption algorithm (e.g. AES CBC).
CVE-2023-37464
Incorrect Authentication Tag length usage in AES GCM decryption in OpenIDC/cjose
CVE-2023-37464
OpenIDC/cjose is a C library implementing the Javascript Object Signin ...
SUSE-SU-2023:3230-1
Security update for cjose
SUSE-SU-2023:3030-1
Security update for cjose
RLSA-2023:4418
Important: mod_auth_openidc:2.3 security update
ELSA-2023-4418
ELSA-2023-4418: mod_auth_openidc:2.3 security update (IMPORTANT)
ELSA-2023-4411
ELSA-2023-4411: cjose security update (IMPORTANT)
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2023-37464 OpenIDC/cjose is a C library implementing the Javascript Object Signing and Encryption (JOSE). The AES GCM decryption routine incorrectly uses the Tag length from the actual Authentication Tag provided in the JWE. The spec says that a fixed length of 16 octets must be applied. Therefore this bug allows an attacker to provide a truncated Authentication Tag and to modify the JWE accordingly. Users should upgrade to a version >= 0.6.2.2. Users unable to upgrade should avoid using AES GCM encryption and replace it with another encryption algorithm (e.g. AES CBC). | CVSS3: 8.6 | 0% Низкий | больше 2 лет назад |
 | CVE-2023-37464 OpenIDC/cjose is a C library implementing the Javascript Object Signing and Encryption (JOSE). The AES GCM decryption routine incorrectly uses the Tag length from the actual Authentication Tag provided in the JWE. The spec says that a fixed length of 16 octets must be applied. Therefore this bug allows an attacker to provide a truncated Authentication Tag and to modify the JWE accordingly. Users should upgrade to a version >= 0.6.2.2. Users unable to upgrade should avoid using AES GCM encryption and replace it with another encryption algorithm (e.g. AES CBC). | CVSS3: 7.5 | 0% Низкий | больше 2 лет назад |
 | CVE-2023-37464 OpenIDC/cjose is a C library implementing the Javascript Object Signing and Encryption (JOSE). The AES GCM decryption routine incorrectly uses the Tag length from the actual Authentication Tag provided in the JWE. The spec says that a fixed length of 16 octets must be applied. Therefore this bug allows an attacker to provide a truncated Authentication Tag and to modify the JWE accordingly. Users should upgrade to a version >= 0.6.2.2. Users unable to upgrade should avoid using AES GCM encryption and replace it with another encryption algorithm (e.g. AES CBC). | CVSS3: 8.6 | 0% Низкий | больше 2 лет назад |
 | CVE-2023-37464 Incorrect Authentication Tag length usage in AES GCM decryption in OpenIDC/cjose | 0% Низкий | 6 месяцев назад | |
| CVE-2023-37464 OpenIDC/cjose is a C library implementing the Javascript Object Signin ... | CVSS3: 8.6 | 0% Низкий | больше 2 лет назад |
 | SUSE-SU-2023:3230-1 Security update for cjose | 0% Низкий | больше 2 лет назад | |
| SUSE-SU-2023:3030-1 Security update for cjose | 0% Низкий | больше 2 лет назад | |
 | RLSA-2023:4418 Important: mod_auth_openidc:2.3 security update | 0% Низкий | больше 2 лет назад | |
| ELSA-2023-4418 ELSA-2023-4418: mod_auth_openidc:2.3 security update (IMPORTANT) | больше 2 лет назад | ||
| ELSA-2023-4411 ELSA-2023-4411: cjose security update (IMPORTANT) | больше 2 лет назад |
Уязвимостей на страницу