jose2go vulnerable to denial of service via large p2c value · CVE-2023-50658 · GitHub Advisory Database · GitHub

jose2go vulnerable to denial of service via large p2c value

Moderate severity GitHub Reviewed Published Feb 29, 2024 to the GitHub Advisory Database • Updated Mar 1, 2024

Package

github.com/dvsekhvalnov/jose2go (Go)

Affected versions

< 1.6.0

Patched versions

1.6.0

Description

The jose2go component before 1.6.0 for Go allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value.

References

Published by the National Vulnerability Database

Feb 29, 2024

Published to the GitHub Advisory Database Feb 29, 2024

Last updated Mar 1, 2024

Reviewed Mar 1, 2024