Lucene search
PRIOn knowledge basePRION:CVE-2024-21664HistoryJan 09, 2024 - 8:15 p.m.
Null pointer dereference
2024-01-0920:15:00
PRIOn knowledge base
www.prio-n.com
4
null pointer dereference
go module
jwa/jwe/jwk/jws/jwt
json serialized payload
absent protected field
crash/dos
jws verification vulnerability
nvd
jwx is a Go module implementing various JWx (JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE) technologies. Calling jws.Parse with a JSON serialized payload where the signature field is present while protected is absent can lead to a nil pointer dereference. The vulnerability can be used to crash/DOS a system doing JWS verification. This vulnerability has been patched in versions 2.0.19 and 1.2.28.
Related
veracode
veracode
Denial Of Service (DoS)
2024-01-10 06:19:31
cve
cve
CVE-2024-21664
2024-01-09 20:15:43
osv
osv
Parsing JSON serialized payload without protected field can lead to segfault
2024-01-09 16:18:48
CVE-2024-21664
2024-01-09 20:15:43
Panic due to nil pointer dereference in github.com/lestrrat-go/jwx/v2
2024-01-23 18:01:33
cgr
cgr
CVE-2024-21664 vulnerabilities
2024-05-19 03:07:16
redhatcve
redhatcve
CVE-2024-21664
2024-01-10 10:01:19
nvd
nvd
CVE-2024-21664
2024-01-09 20:15:43
wolfi
wolfi
CVE-2024-21664 vulnerabilities
2024-06-26 09:08:30
cvelist
cvelist
github
github
Parsing JSON serialized payload without protected field can lead to segfault
2024-01-09 16:18:48