logo

Database

Asymmetric denial of service In org.bitbucket.b_c:jose4j

Description

jose4j denial of service via specifically crafted JWE The jose4j component before 0.9.4 for Java allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2023-517752. NVD-2023-517753. OSV-2023-517754. OSV-DEBIAN-2023-517755. GCVE-2023-517756. SECURITY-TRACKER-CVE-2023-51775

References

1. https://bitbucket.org/b_c/jose4j/commits/1afaa1e174b32. https://bitbucket.org/b_c/jose4j/issues/2123. https://security.netapp.com/advisory/ntap-20241108-0002

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.