logo

Database

Asymmetric denial of service In golang-github-dvsekhvalnov-jose2go

Description

jose2go vulnerable to denial of service via large p2c value The jose2go component before 1.6.0 for Go allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2023-506582. NVD-2023-506583. OSV-DEBIAN-2023-506584. OSV-2023-506585. GCVE-2023-506586. SECURITY-TRACKER-CVE-2023-50658

References

1. https://github.com/dvsekhvalnov/jose2go/issues/312. https://github.com/dvsekhvalnov/jose2go/commit/a4584e9dd7128608fedbc67892eba9697f0d53173. https://github.com/dvsekhvalnov/jose2go/compare/v1.5.0...v1.6.04. https://pkg.go.dev/vuln/GO-2023-24095. https://www.blackhat.com/us-23/briefings/schedule/#three-new-attacks-against-json-web-tokens-31695

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.