GoogleOSV:CVE-2023-50658

HistoryFeb 29, 2024 - 1:42 a.m.

CVE-2023-50658

2024-02-2901:42:01

Google

osv.dev

jose2go

denial of service

cpu consumption

pbes2 count

software

7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

The jose2go component before 1.6.0 for Go allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value.

CPENameOperatorVersion
jose2goeq1.2
jose2goeq1.5
jose2goeq1.3
jose2goeq1.5.0
jose2goeq1.1

Name	Operator	Version
jose2go	eq	1.2
jose2go	eq	1.5
jose2go	eq	1.3
jose2go	eq	1.5.0
jose2go	eq	1.1

References

github.com/dvsekhvalnov/jose2go/commit/a4584e9dd7128608fedbc67892eba9697f0d5317

github.com/dvsekhvalnov/jose2go/compare/v1.5.0...v1.6.0