Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 9:1 a.m.5 views

CVE-2023-25653

node-jose is a JavaScript implementation of the JSON Object Signing and Encryption JOSE for web browsers and node.js-based servers. Prior to version 2.2.0, when using the non-default "fallback" crypto back-end, ECC operations in node-jose can trigger a Denial-of-Service DoS condition, due to a...

7.5CVSS6.7AI score0.00552EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/24 5:33 p.m.21 views

Security Bulletin: Cisco node-jose is vulnerable to CVE-2023-25653 used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses Cisco node-jose which is vulnerable to CVE-2023-25653. Vulnerability Details CVEID:CVE-2023-25653 DESCRIPTION: Cisco node-jose is vulnerable to a denial of service, caused by improper calculations in ECC implementation. By sending a...

7.5CVSS7.4AI score0.00552EPSS
Exploits0Affected Software1
vulnersOsv
vulnersOsv
added 2023/02/16 6:44 p.m.4 views

7ghost (>=4.11.0 <=4.11.46), @abbott-platform/abbott-framework (>=1.6.0 <=1.6.7) +586 more potentially affected by CVE-2023-25653 via node-jose (>=0.10.0 <=2.1.1)

node-jose NPM version =0.10.0, =4.11.0, =1.6.0, =1.5.3, =0.0.1, =0.0.0-development, =1.1.0, =0.0.1-beta.0, =0.0.2, =0.0.2, =5.5.1, =1.0.0, =0.1.0, =0.0.2, =4.5.0, =4.5.35 and more Source cves: CVE-2023-25653 Source advisory: OSV:GHSA-5H4J-QRVG-9XHW...

7.5CVSS7.2AI score0.00552EPSS
Exploits0
Cvelist
Cvelist
added 2023/02/16 6:15 p.m.50 views

CVE-2023-25653 Improper calculations in ECC implementation can trigger a Denial-of-Service (DoS)

node-jose is a JavaScript implementation of the JSON Object Signing and Encryption JOSE for web browsers and node.js-based servers. Prior to version 2.2.0, when using the non-default "fallback" crypto back-end, ECC operations in node-jose can trigger a Denial-of-Service DoS condition, due to a...

7.5CVSS7.6AI score0.00552EPSS
Exploits0References2
CVE
CVE
added 2023/02/16 6:15 p.m.63 views

CVE-2023-25653

CVE-2023-25653 affects the node-jose library (JOSE for web browsers and Node.js) when using the non-default fallback crypto backend. The root cause is an infinite loop in ECC-related calculations due to how the modular inverse result from the jsbn library can be negative, which breaks the Barrett...

7.5CVSS7.4AI score0.00552EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder