36 matches found
Astra Linux - vulnerability in golang-github-dvsekhvalnov-jose2go
A vulnerability was discovered in dvsekhvalnov jose2go versions 1.5.0 through 1.7.0. This vulnerability allows an attacker to trigger a Denial-of-Service (DoS) attack by using a specially crafted JSON Web Encryption (JWE) token with an exceptionally high compression ratio...
GO-2025-4123 Denial-of-Service (DoS) via crafted JSON Web Encryption (JWE) token high compression ratio in github.com/dvsekhvalnov/jose2go
Denial-of-Service (DoS) via crafted JSON Web Encryption (JWE) token high compression ratio in github.com/dvsekhvalnov/jose2go...
CVE-2025-63811
A flaw was found in jose2go. This vulnerability allows an attacker to cause a Denial-of-Service (DoS) via crafted JSON Web Encryption (JWE) token with an exceptionally high compression ratio...
GHSA-9MJ6-HXHV-W67J jose2go is vulnerable to a JWT bomb attack through its decode function
An issue was discovered in dvsekhvalnov jose2go 1.5.0 thru 1.7.0 allowing an attacker to cause a Denial-of-Service (DoS) via crafted JSON Web Encryption (JWE) token with an exceptionally high compression ratio...
CVE-2025-63811
An issue was discovered in dvsekhvalnov jose2go 1.5.0 thru 1.7.0 allowing an attacker to cause a Denial-of-Service (DoS) via crafted JSON Web Encryption (JWE) token with an exceptionally high compression ratio...
CVE-2025-63811
An issue was discovered in dvsekhvalnov jose2go 1.5.0 thru 1.7.0 allowing an attacker to cause a Denial-of-Service (DoS) via crafted JSON Web Encryption (JWE) token with an exceptionally high compression ratio...
UBUNTU-CVE-2025-63811
An issue was discovered in dvsekhvalnov jose2go 1.5.0 thru 1.7.0 allowing an attacker to cause a Denial-of-Service (DoS) via crafted JSON Web Encryption (JWE) token with an exceptionally high compression ratio...
Denial of Service (DoS)
Overview: github.com/dvsekhvalnov/jose2go is a Pure Golang (GO) library for generating, decoding and encrypting JSON Web Tokens. Zero dependency, relies only on standard library. Affected versions of this package are vulnerable to Denial of Service (DoS) via the processing of crafted JSON Web Encrypti...
CVE-2025-63811
An issue was discovered in dvsekhvalnov jose2go 1.5.0 thru 1.7.0 allowing an attacker to cause a Denial-of-Service (DoS) via crafted JSON Web Encryption (JWE) token with an exceptionally high compression ratio...
CVE-2025-63811
An issue was discovered in dvsekhvalnov jose2go 1.5.0 thru 1.7.0 allowing an attacker to cause a Denial-of-Service (DoS) via crafted JSON Web Encryption (JWE) token with an exceptionally high compression ratio...
Linux Distros Unpatched Vulnerability : CVE-2025-63811
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in dvsekhvalnov jose2go 1.5.0 thru 1.7.0 allowing an attacker to cause a Denial-of-Service (DoS) via crafted JSON Web Encryption (JWE) toke...
CVE-2025-63811
CVE-2025-63811 affects dvsekhvalnov/jose2go (version range 1.5.0 through 1.7.0). The issue allows a Denial-of-Service via a crafted JSON Web Encryption (JWE) token with an exceptionally high compression ratio. The connected OSV entry GO-2025-4123 explicitly references this DoS scenario in the jos...
PT-2025-46682
Name of the Vulnerable Software and Affected Versions: jose2go versions 1.5.0 through 1.7.0. Description: An issue exists that allows an attacker to cause a Denial-of-Service (DoS) condition. This is achieved by using a specially crafted JSON Web Encryption (JWE) token that has an exceptionally high...
CVE-2025-63811
An issue was discovered in dvsekhvalnov jose2go 1.5.0 thru 1.7.0 allowing an attacker to cause a Denial-of-Service (DoS) via crafted JSON Web Encryption (JWE) token with an exceptionally high compression ratio...
jose2go security vulnerability
jose2go is a Golang implementation of the JavaScript Object Signing and Encryption specification by individual developer DV. A security vulnerability exists in jose2go versions 1.5.0 through 1.7.0, which stems from a specially crafted JWE token that could lead to a denial of service...
Linux Distros Unpatched Vulnerability : CVE-2023-50658
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The jose2go component before 1.6.0 for Go allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value. CVE-2023-50658 No...
Fedora 41 : golang-github-dvsekhvalnov-jose2go (2024-8c116e555a)
The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-8c116e555a advisory. Automatic update for golang-github-dvsekhvalnov-jose2go-1.7.0-1.fc41. Changelog Tue Jul 30 2024 Mikel Olasagasti Uranga - 1.7.0-1 - Update to 1.7.0 - Closes...
Denial Of Service (DoS)
jose2go is vulnerable to Denial of Service (DoS). The vulnerability is caused due to a lack of input validation and handling for the "p2c" (PBES2 Count) parameter. This allows an attacker to provide a large "p2c" value, leading to a Denial of Service (DoS) CPU consumption vulnerability...
The jose2go component before 1.6.0 for Go allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value.
...
GHSA-6294-6RGP-FR7R jose2go vulnerable to denial of service via large p2c value
The jose2go component before 1.6.0 for Go allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value...