jose2go vulnerable to denial of service via large p2c value

Moderate severity GitHub Reviewed Published Feb 29, 2024 to the GitHub Advisory Database • Updated Jul 5, 2024

Package

gomod github.com/dvsekhvalnov/jose2go (Go)

Affected versions

< 1.6.0

Patched versions

1.6.0

Description

The jose2go component before 1.6.0 for Go allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value.

References

Published by the National Vulnerability Database Feb 29, 2024
Published to the GitHub Advisory Database Feb 29, 2024
Reviewed Mar 1, 2024
Last updated Jul 5, 2024

Severity

Moderate

EPSS score

0.043%
(10th percentile)

Weaknesses

No CWEs

CVE ID

CVE-2023-50658

GHSA ID

GHSA-6294-6rgp-fr7r

Source code
