Lucene search

GoogleOSV:GHSA-6294-6RGP-FR7R

HistoryFeb 29, 2024 - 3:33 a.m.

jose2go vulnerable to denial of service via large p2c value

2024-02-2903:33:14

Google

osv.dev

jose2go component denial of service cpu consumption software vulnerability pbes2 count

7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

The jose2go component before 1.6.0 for Go allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value.

CPENameOperatorVersion
github.com/dvsekhvalnov/jose2golt1.6.0

CPE	Name	Operator	Version
	github.com/dvsekhvalnov/jose2go	lt	1.6.0

References

github.com/dvsekhvalnov/jose2go

github.com/dvsekhvalnov/jose2go/commit/a4584e9dd7128608fedbc67892eba9697f0d5317

github.com/dvsekhvalnov/jose2go/compare/v1.5.0...v1.6.0

nvd.nist.gov/vuln/detail/CVE-2023-50658