13 matches found
EUVD-2023-3143
Malicious code in bioql PyPI...
erlang-jose (aka JOSE for Erlang and Elixir) through 1.11.6 allow attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value in a JOSE header.
...
erlang-jose vulnerable to denial of service via large p2c value
erlang-jose aka JOSE for Erlang and Elixir through 1.11.6 allow attackers to cause a denial of service CPU consumption via a large p2c aka PBES2 Count value in a JOSE header...
AZL-39857 CVE-2023-50966 affecting package rabbitmq-server for versions less than 3.11.24-2
erlang-jose aka JOSE for Erlang and Elixir through 1.11.6 allow attackers to cause a denial of service CPU consumption via a large p2c aka PBES2 Count value in a JOSE header...
CVE-2023-50966
erlang-jose aka JOSE for Erlang and Elixir through 1.11.6 allow attackers to cause a denial of service CPU consumption via a large p2c aka PBES2 Count value in a JOSE header...
DEBIAN-CVE-2023-50966
erlang-jose aka JOSE for Erlang and Elixir through 1.11.6 allow attackers to cause a denial of service CPU consumption via a large p2c aka PBES2 Count value in a JOSE header...
CVE-2023-50966
erlang-jose aka JOSE for Erlang and Elixir through 1.11.6 allow attackers to cause a denial of service CPU consumption via a large p2c aka PBES2 Count value in a JOSE header...
UBUNTU-CVE-2023-50966
erlang-jose aka JOSE for Erlang and Elixir through 1.11.6 allow attackers to cause a denial of service CPU consumption via a large p2c aka PBES2 Count value in a JOSE header...
CVE-2023-50966
erlang-jose aka JOSE for Erlang and Elixir through 1.11.6 allow attackers to cause a denial of service CPU consumption via a large p2c aka PBES2 Count value in a JOSE header...
GO-2023-2379 Denial of service due to malicious parameters in github.com/lestrrat-go/jwx
The JWE key management algorithms based on PBKDF2 require a JOSE Header Parameter called p2c PBES2 Count. This parameter dictates the number of PBKDF2 iterations needed to derive a CEK wrapping key. Its purpose is to intentionally slow down the key derivation function, making password brute-force...
GHSA-7F9X-GW85-8GRF lestrrat-go/jwx's malicious parameters in JWE can cause a DOS
Summary too high p2c parameter in JWE's alg PBES2- could lead to a DOS attack Details The JWE key management algorithms based on PBKDF2 require a JOSE Header Parameter called p2c PBES2 Count. This parameter dictates the number of PBKDF2 iterations needed to derive a CEK wrapping key. Its primary...
Design/Logic Flaw
lestrrat-go/jwx is a Go module implementing various JWx JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE technologies. A p2c parameter set too high in JWE's algorithm PBES2- could lead to a denial of service. The JWE key management algorithms based on PBKDF2 require a JOSE Header Parameter called p2c...
CVE-2023-49290 Malicious parameters can cause a denial of service in lestrrat-go/jwx
lestrrat-go/jwx is a Go module implementing various JWx JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE technologies. A p2c parameter set too high in JWE's algorithm PBES2- could lead to a denial of service. The JWE key management algorithms based on PBKDF2 require a JOSE Header Parameter called p2c...