5 matches found
CVE-2024-21664
A null pointer dereference vulnerability was found in the jwx/jws Go module. This issue arises when invoking "jws.Parse" with a JSON serialized payload containing a present signature field while the protected field is absentm, which may cause a system crash or initiate a denial of service DOS...
CVE-2024-21664 vulnerabilities
Vulnerabilities for packages: minio, spire-server, cosign-fips, spire-server-fips, vexctl, falcoctl-fips, tekton-chains, gitsign, falcoctl, falco, external-secrets-fips, kubescape, boring-registry, mc...
CVE-2024-21664 vulnerabilities
Vulnerabilities for packages: gitsign, falco, mc, tekton-chains, boring-registry, minio, falcoctl, vexctl, kubescape, spire-server...
CVE-2024-21664 Parsing JSON serialized payload without protected field can lead to segfault
jwx is a Go module implementing various JWx JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE technologies. Calling jws.Parse with a JSON serialized payload where the signature field is present while protected is absent can lead to a nil pointer dereference. The vulnerability can be used to crash/DOS ...
CVE-2024-21664 Parsing JSON serialized payload without protected field can lead to segfault
jwx is a Go module implementing various JWx JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE technologies. Calling jws.Parse with a JSON serialized payload where the signature field is present while protected is absent can lead to a nil pointer dereference. The vulnerability can be used to crash/DOS ...