2 matches found
CVE-2024-53146
In the Linux kernel, the following vulnerability has been resolved: NFSD: Prevent a potential integer overflow If the tag length is = U32MAX - 3 then the "length + 4" addition can result in an integer overflow. Address this by splitting the decoding into several steps so that decodecbcompound4res...
cjose: AES GCM decryption uses the Tag length from the actual Authentication Tag provided in the JWE
A vulnerability was found in cjose. The cjose is a C library implementing the Javascript Object Signing and Encryption JOSE. The AES GCM decryption routine incorrectly uses the tag length from the actual Authentication Tag provided in the JSON Web Encryption JWE. A fixed length of 16 octets must ...