4 matches found
Fedora 44 : opkssh (2026-af08c3b44f)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-af08c3b44f advisory. Fix CVE-2026-34986 in bundled go-jose Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...
Decryption of malicious PBES2 JWE objects can consume unbounded system resources
The go-jose package is subject to a "billion hashes attack" causing denial-of-service when decrypting JWE inputs. This occurs when an attacker can provide a PBES2 encrypted JWE blob with a very large p2c value that, when decrypted, produces a denial-of-service...
GHSA-2C7C-3MJ9-8FQH Decryption of malicious PBES2 JWE objects can consume unbounded system resources
The go-jose package is subject to a "billion hashes attack" causing denial-of-service when decrypting JWE inputs. This occurs when an attacker can provide a PBES2 encrypted JWE blob with a very large p2c value that, when decrypted, produces a denial-of-service...
GO-2023-2334 Denial of service via decryption of malicious PBES2 JWE objects in github.com/go-jose/go-jose/v3
The go-jose package is subject to a "billion hashes attack" causing denial-of-service when decrypting JWE inputs. This occurs when an attacker can provide a PBES2 encrypted JWE blob with a very large p2c value that, when decrypted, produces a denial-of-service...