6 matches found
CVE-2023-49290
A flaw was found in JWX. This issue occurs when passing crafted input to the JWE key management algorithm, which may result in a denial of service by using an excessive amount of CPU resources...
CVE-2023-49290 vulnerabilities
Vulnerabilities for packages: kubescape, gitsign, falcoctl, falco, tekton-chains, vexctl...
CVE-2023-49290 vulnerabilities
Vulnerabilities for packages: falco, gitsign, kubescape, falcoctl, vexctl, cosign-fips, tekton-chains, falcoctl-fips...
CVE-2023-49290 Malicious parameters can cause a denial of service in lestrrat-go/jwx
lestrrat-go/jwx is a Go module implementing various JWx JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE technologies. A p2c parameter set too high in JWE's algorithm PBES2- could lead to a denial of service. The JWE key management algorithms based on PBKDF2 require a JOSE Header Parameter called p2c...
CVE-2023-49290
Technical details about CVE-2023-49290 are not publicly provided in the connected documents. The initial description offers summary and fixes; monitor for further advisories and confirmed exploit information.
CVE-2023-49290 Malicious parameters can cause a denial of service in lestrrat-go/jwx
lestrrat-go/jwx is a Go module implementing various JWx JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE technologies. A p2c parameter set too high in JWE's algorithm PBES2- could lead to a denial of service. The JWE key management algorithms based on PBKDF2 require a JOSE Header Parameter called p2c...