Lucene search
GoogleOSV:GO-2023-2409HistoryDec 20, 2023 - 5:35 p.m.
Denial of service when decrypting attacker controlled input in github.com/dvsekhvalnov/jose2go
2023-12-2017:35:00
Google
osv.dev
7
denial of service
decrypting
attacker-controlled input
pbes2 encrypted
jwe blob
github
software
6.3 Medium
AI Score
Confidence
Low
An attacker controlled input of a PBES2 encrypted JWE blob can have a very large p2c value that, when decrypted, produces a denial-of-service.
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/dvsekhvalnov/jose2go | lt | 1.5.1-0.20231206184617-48ba0b76bc88 |
Related
nvd
nvd
CVE-2023-50658
2024-02-29 01:42:01
osv
osv
CVE-2023-50658
2024-02-29 01:42:01
jose2go vulnerable to denial of service via large p2c value
2024-02-29 03:33:14
nessus
nessus
CBL Mariner 2.0 Security Update: telegraf (CVE-2023-50658)
2024-07-03 00:00:00
cbl_mariner
cbl_mariner
CVE-2023-50658 affecting package telegraf for versions less than 1.29.4-1
2024-04-10 21:48:40
CVE-2023-50658 affecting package telegraf for versions less than 1.29.4-1
2024-04-17 22:02:46
cvelist
cvelist
CVE-2023-50658
2023-12-25 00:00:00
prion
prion
Input validation
2024-02-29 01:42:00
veracode
veracode
Denial Of Service (DoS)
2024-03-01 04:45:07
debiancve
debiancve
CVE-2023-50658
2024-02-29 01:42:01
github
github
jose2go vulnerable to denial of service via large p2c value
2024-02-29 03:33:14
cve
cve
CVE-2023-50658
2024-02-29 01:42:01
cgr
cgr
CVE-2023-50658 vulnerabilities
2024-05-19 03:07:16
ubuntucve
ubuntucve
CVE-2023-50658
2024-02-29 00:00:00
wolfi
wolfi
CVE-2023-50658 vulnerabilities
2024-07-06 16:06:39