Lucene search
GoogleOSV:GO-2020-0009HistoryApr 14, 2021 - 8:04 p.m.
Integer overflow in github.com/square/go-jose
2021-04-1420:04:52
Google
osv.dev
10
0.001 Low
EPSS
Percentile
47.2%
On 32-bit platforms an attacker can manipulate a ciphertext encrypted with AES-CBC with HMAC such that they can control how large the input buffer is when computing the HMAC authentication tag. This can can allow a manipulated ciphertext to be verified as authentic, opening the door for padding oracle attacks.
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/square/go-jose | lt | 0.0.0-20160903044734-789a4c4bd4c1 |
Related
ubuntucve
ubuntucve
CVE-2016-9123
2017-03-28 00:00:00
github
github
Integer Overflow in go-jose
2021-06-23 17:14:12
osv
osv
CVE-2016-9123
2017-03-28 02:59:00
Integer Overflow in go-jose
2021-06-23 17:14:12
prion
prion
Integer overflow
2017-03-28 02:59:00
cve
cve
CVE-2016-9123
2017-03-28 02:59:00
cvelist
cvelist
CVE-2016-9123
2017-03-28 02:46:00
nvd
nvd
CVE-2016-9123
2017-03-28 02:59:00
debiancve
debiancve
CVE-2016-9123
2017-03-28 02:59:00
veracode
veracode
Authentication Bypass
2024-02-06 06:49:32