Lucene search
+L

121 matches found

osv
osv
added 2023/08/08 2:0 p.m.5 views

SUSE-SU-2023:3230-1 Security update for cjose

This update for cjose fixes the following issues: - CVE-2023-37464: Fixed AES GCM decryption uses the Tag length from the actual Authentication Tag bsc1213385...

8.6CVSS8.5AI score0.0071EPSS
Exploits1References3
rocky
rocky
added 2023/08/08 12:34 p.m.43 views

mod_auth_openidc:2.3 security update

An update is available for module.modauthopenidc, cjose, module.cjose, modauthopenidc. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The modauthopenidc is an...

8.6CVSS7.1AI score0.0071EPSS
Exploits1
debian
debian
added 2023/08/04 10:28 a.m.21 views

[SECURITY] [DLA 3515-1] cjose security update

Debian LTS Advisory DLA-3515-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin August 04, 2023 https://wiki.debian.org/LTS Package : cjose Version : 0.6.1+dfsg1-1+deb10u1 CVE ID : CVE-2023-37464 Debian Bug : 1041423 An incorrect Authentication Tag length usage was...

8.6CVSS7AI score0.0071EPSS
Exploits1
redhat
redhat
added 2023/08/02 8:0 a.m.5 views

cjose: AES GCM decryption uses the Tag length from the actual Authentication Tag provided in the JWE

A vulnerability was found in cjose. The cjose is a C library implementing the Javascript Object Signing and Encryption JOSE. The AES GCM decryption routine incorrectly uses the tag length from the actual Authentication Tag provided in the JSON Web Encryption JWE. A fixed length of 16 octets must ...

8.6CVSS5.7AI score0.0071EPSS
Exploits1References5
oraclelinux
oraclelinux
added 2023/08/02 12:0 a.m.22 views

cjose security update

0.6.1-13 - CVE-2023-37464 cjose: AES GCM decryption uses the Tag length from the actual Authentication Tag provided in the JWE Resolves: rhbz2223308...

8.6CVSS7.1AI score0.0071EPSS
Exploits1
nessus
nessus
added 2023/08/02 12:0 a.m.19 views

Oracle Linux 8 : mod_auth_openidc:2.3 (ELSA-2023-4418)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-4418 advisory. - CVE-2023-37464 cjose: AES GCM decryption uses the Tag length from the actual Authentication Tag provided in the JWE Resolves: rhbz2223308 modauthopenidc Tenab...

8.6CVSS7.5AI score0.0071EPSS
Exploits1References2
redhat
redhat
added 2023/08/01 2:30 p.m.4 views

cjose: AES GCM decryption uses the Tag length from the actual Authentication Tag provided in the JWE

A vulnerability was found in cjose. The cjose is a C library implementing the Javascript Object Signing and Encryption JOSE. The AES GCM decryption routine incorrectly uses the tag length from the actual Authentication Tag provided in the JSON Web Encryption JWE. A fixed length of 16 octets must ...

8.6CVSS5.7AI score0.0071EPSS
Exploits1References5
redhat
redhat
added 2023/08/01 1:47 p.m.7 views

cjose: AES GCM decryption uses the Tag length from the actual Authentication Tag provided in the JWE

A vulnerability was found in cjose. The cjose is a C library implementing the Javascript Object Signing and Encryption JOSE. The AES GCM decryption routine incorrectly uses the tag length from the actual Authentication Tag provided in the JSON Web Encryption JWE. A fixed length of 16 octets must ...

8.6CVSS5.7AI score0.0071EPSS
Exploits1References5
redhat
redhat
added 2023/08/01 1:39 p.m.9 views

cjose: AES GCM decryption uses the Tag length from the actual Authentication Tag provided in the JWE

A vulnerability was found in cjose. The cjose is a C library implementing the Javascript Object Signing and Encryption JOSE. The AES GCM decryption routine incorrectly uses the tag length from the actual Authentication Tag provided in the JSON Web Encryption JWE. A fixed length of 16 octets must ...

8.6CVSS5.7AI score0.0071EPSS
Exploits1References5
osv
osv
added 2023/07/31 8:18 a.m.4 views

SUSE-SU-2023:3030-1 Security update for cjose

This update for cjose fixes the following issues: - CVE-2023-37464: Fixed AES GCM decryption uses the Tag length from the actual Authentication Tag bsc1213385...

8.6CVSS8.5AI score0.0071EPSS
Exploits1References3
osv
osv
added 2023/07/29 11:5 a.m.5 views

OESA-2023-1441 cjose security update

Implementation of JOSE for C/C++ Security Fixes: OpenIDC/cjose is a C library implementing the Javascript Object Signing and Encryption JOSE. The AES GCM decryption routine incorrectly uses the Tag length from the actual Authentication Tag provided in the JWE. The spec says that a fixed length of...

8.6CVSS6.9AI score0.0071EPSS
Exploits1References2
veracode
veracode
added 2023/07/19 9:31 a.m.21 views

Weak Encryption

libcjose.so is vulnerable to weak encryption. The vulnerability exists in jwe.c because it does not properly validate the authentication tag according to the spec, which may allow an attacker to access unauthorized information in the system by modifying the JWE...

8.6CVSS6.8AI score0.0071EPSS
Exploits1References10Affected Software2
nvd
nvd
added 2023/07/14 9:15 p.m.17 views

CVE-2023-37464

OpenIDC/cjose is a C library implementing the Javascript Object Signing and Encryption JOSE. The AES GCM decryption routine incorrectly uses the Tag length from the actual Authentication Tag provided in the JWE. The spec says that a fixed length of 16 octets must be applied. Therefore this bug...

8.6CVSS0.0071EPSS
Exploits1References9
osv
osv
added 2023/07/14 9:15 p.m.11 views

AZL-27659 CVE-2023-37464 affecting package cjose 0.6.1-6

OpenIDC/cjose is a C library implementing the Javascript Object Signing and Encryption JOSE. The AES GCM decryption routine incorrectly uses the Tag length from the actual Authentication Tag provided in the JWE. The spec says that a fixed length of 16 octets must be applied. Therefore this bug...

7.5CVSS7.1AI score0.0071EPSS
Exploits1References1
osv
osv
added 2023/07/14 8:25 p.m.17 views

CVE-2023-37464 Incorrect Authentication Tag length usage in AES GCM decryption in OpenIDC/cjose

OpenIDC/cjose is a C library implementing the Javascript Object Signing and Encryption JOSE. The AES GCM decryption routine incorrectly uses the Tag length from the actual Authentication Tag provided in the JWE. The spec says that a fixed length of 16 octets must be applied. Therefore this bug...

8.6CVSS7.7AI score0.0071EPSS
Exploits1References11
vulnrichment
vulnrichment
added 2023/07/14 8:25 p.m.13 views

CVE-2023-37464 Incorrect Authentication Tag length usage in AES GCM decryption in OpenIDC/cjose

OpenIDC/cjose is a C library implementing the Javascript Object Signing and Encryption JOSE. The AES GCM decryption routine incorrectly uses the Tag length from the actual Authentication Tag provided in the JWE. The spec says that a fixed length of 16 octets must be applied. Therefore this bug...

8.6CVSS8.4AI score0.0071EPSS
Exploits1References9
debiancve
debiancve
added 2023/07/14 8:25 p.m.21 views

CVE-2023-37464

OpenIDC/cjose is a C library implementing the Javascript Object Signing and Encryption JOSE. The AES GCM decryption routine incorrectly uses the Tag length from the actual Authentication Tag provided in the JWE. The spec says that a fixed length of 16 octets must be applied. Therefore this bug...

8.6CVSS7.7AI score0.0071EPSS
Exploits1
cve
cve
added 2023/07/14 8:25 p.m.128 views

CVE-2023-37464

CVE-2023-37464 affects cjose, a C library implementing JOSE. The AES-GCM decryption incorrectly uses the authentication tag length from the provided JWE instead of the fixed 16-octet length, enabling tampering with the JWE. A fix is available in cjose 0.6.2.2 and later; upgrades are recommended. ...

8.6CVSS7.8AI score0.0071EPSS
Exploits1References9Affected Software1
cvelist
cvelist
added 2023/07/14 8:25 p.m.26 views

CVE-2023-37464 Incorrect Authentication Tag length usage in AES GCM decryption in OpenIDC/cjose

OpenIDC/cjose is a C library implementing the Javascript Object Signing and Encryption JOSE. The AES GCM decryption routine incorrectly uses the Tag length from the actual Authentication Tag provided in the JWE. The spec says that a fixed length of 16 octets must be applied. Therefore this bug...

8.6CVSS8AI score0.0071EPSS
Exploits1References9
alpinelinux
alpinelinux
added 2023/07/14 8:25 p.m.16 views

CVE-2023-37464

OpenIDC/cjose is a C library implementing the Javascript Object Signing and Encryption JOSE. The AES GCM decryption routine incorrectly uses the Tag length from the actual Authentication Tag provided in the JWE. The spec says that a fixed length of 16 octets must be applied. Therefore this bug...

8.6CVSS8AI score0.0071EPSS
Exploits1References9
Rows per page
Query Builder