Lucene search
lestrrat-go/jwx's malicious parameters in JWE can cause a DOS
too high p2c parameter in JWE's alg PBES2-* could lead to a DOS attack. JWE key management algorithms based on PBKDF2 require a JOSE Header Parameter called p2c (PBES2 Count). If an attacker sets the p2c parameter to a large number, it can cause a lot of computational consumption, resulting in a DOS attack
Show more
| Reporter | Title | Published | Views | Family All 38 |
|---|---|---|---|---|
 | Denial of service due to malicious parameters in github.com/lestrrat-go/jwx | 11 Dec 202315:08 | – | osv |
| CGA-GP7R-X85C-FCFV | 6 Jun 202412:27 | – | osv |
| CGA-F8MG-JHGX-5GC8 | 6 Jun 202412:25 | – | osv |
| CGA-GV2P-4QMM-V36R | 6 Jun 202412:25 | – | osv |
| CGA-6XQX-MWGC-PF8R | 6 Jun 202412:23 | – | osv |
| CGA-98FP-P2M3-RMX5 | 6 Jun 202412:25 | – | osv |
| CGA-3W3M-8GFP-92GF | 6 Jun 202412:22 | – | osv |
| CGA-XWH5-FHH2-8FJF | 6 Jun 202412:30 | – | osv |
| CGA-P9Q3-R5MX-JMQ2 | 6 Jun 202412:28 | – | osv |
| CGA-F8XG-CJ47-C8GW | 6 Jun 202412:27 | – | osv |
10
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo05 Dec 2023 23:29Current
7.1High risk
Vulners AI Score7.1
CVSS35.3
EPSS0.00075