Lucene search

K
osvGoogleOSV:GO-2020-0009
HistoryApr 14, 2021 - 8:04 p.m.

Integer overflow in github.com/square/go-jose

2021-04-1420:04:52
Google
osv.dev
10

0.001 Low

EPSS

Percentile

47.2%

On 32-bit platforms an attacker can manipulate a ciphertext encrypted with AES-CBC with HMAC such that they can control how large the input buffer is when computing the HMAC authentication tag. This can can allow a manipulated ciphertext to be verified as authentic, opening the door for padding oracle attacks.

0.001 Low

EPSS

Percentile

47.2%