44 matches found
nimbus-jose-jwt: large JWE p2c header value causes Denial of Service
A vulnerability was found in the Nimbus Jose JWT package. By crafting a JWE with an excessively large p2c value, an attacker can trigger significant resource consumption during decryption, potentially leading to application slowdown or unavailability...
erlang-jose (aka JOSE for Erlang and Elixir) through 1.11.6 allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value in a JOSE header.
...
jose4j: denial of service via specially crafted JWE
A flaw was found in the jose.4.j (jose4j) library. The JWE key management algorithms based on PBKDF2 require a JOSE Header Parameter called p2c (PBES2 Count). This parameter dictates the number of PBKDF2 iterations needed to derive a CEK wrapping key. Its primary purpose is to intentionally slow down...
EulerOS 2.0 SP8 : jose (EulerOS-SA-2024-2475)
According to the versions of the jose packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: latchset jose through version 11 allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value. CVE-2023-50967...
EulerOS 2.0 SP8 : jose (EulerOS-SA-2024-2037)
According to the versions of the jose packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: latchset jose through version 11 allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value. CVE-2023-50967...
Denial Of Service (DoS)
org.apache.cxf:cxf-rt-rs-security-jose is vulnerable to Denial Of Service (DoS). The vulnerability is due to missing size restrictions in the p2c (PBES2 count) parameter, which allows an attacker to perform a Denial Of Service attack by specifying a large value for this parameter in a token...
Medium: jose
Issue Overview: latchset jose through version 11 allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value. CVE-2023-50967 Affected Packages: jose Note: This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the...
OESA-2024-1440 jose security update
José is a C-language implementation of the Javascript Object Signing and Encryption standards. José provides a command-line utility which encompasses most of the JOSE features. This allows for easy integration into your project and one-off scripts. Security Fixes: latchset jose through version 11...
Denial Of Service (DoS)
jose is vulnerable to Denial Of Service (DoS). The vulnerability is due to insufficient validation of the p2c (PBES2 Count) value. Attackers can exploit this vulnerability by providing a large p2c value, leading to a denial of service condition...
CVE-2023-50967
latchset jose through version 11 allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value...
CVE-2023-50966
erlang-jose (aka JOSE for Erlang and Elixir) through 1.11.6 allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value in a JOSE header...
erlang-jose vulnerable to denial of service via large p2c value
erlang-jose (aka JOSE for Erlang and Elixir) through 1.11.6 allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value in a JOSE header...
UBUNTU-CVE-2023-50966
erlang-jose (aka JOSE for Erlang and Elixir) through 1.11.6 allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value in a JOSE header...