5 matches found
CVE-2024-21664
A null pointer dereference vulnerability was found in the jwx/jws Go module. This issue arises when invoking "jws.Parse" with a JSON serialized payload containing a present signature field while the protected field is absentm, which may cause a system crash or initiate a denial of service DOS...
CVE-2024-21664 vulnerabilities
Vulnerabilities for packages: kubescape, cosign-fips, spire-server-fips, falcoctl-fips, minio, spire-server, mc, vexctl, gitsign, tekton-chains, external-secrets-fips, boring-registry, falcoctl, falco...
CVE-2024-21664 vulnerabilities
Vulnerabilities for packages: kubescape, tekton-chains, minio, vexctl, gitsign, spire-server, mc, boring-registry, falco, falcoctl...
CVE-2024-21664 Parsing JSON serialized payload without protected field can lead to segfault
jwx is a Go module implementing various JWx JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE technologies. Calling jws.Parse with a JSON serialized payload where the signature field is present while protected is absent can lead to a nil pointer dereference. The vulnerability can be used to crash/DOS ...
CVE-2024-21664 Parsing JSON serialized payload without protected field can lead to segfault
jwx is a Go module implementing various JWx JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE technologies. Calling jws.Parse with a JSON serialized payload where the signature field is present while protected is absent can lead to a nil pointer dereference. The vulnerability can be used to crash/DOS ...