4 matches found

BDU FSTEC
added 2024/03/20 12:0 a.m. · 5 views

The vulnerability of the Go programming language’s jwx library, related to uncontrolled resource consumption, allows attackers to cause service failures.

The vulnerability of the Go programming language’s jwx library is related to uncontrolled resource consumption. Exploiting this vulnerability can allow a malicious actor to trigger a service failure using a specially created JSON Web Encryption Token JWE...

CVSS 6.8 · AI score 6.6 · EPSS 0.0057
Exploits: 1 · References: 5 · Affected Software: 1
CNNVD
added 2024/03/09 12:0 a.m. · 4 views

JWX Security Vulnerabilities

lestrrat-go jwx is a library for lestrrat-go individual developers. A security vulnerability exists in JWX versions 1.2.29 and prior to 2.0.21, which originated from a vulnerability that allows an attacker in possession of a trusted public key to cause a denial of service by crafting malicious JS...

CVSS 6.8 · AI score 6.3 · EPSS 0.0057
Exploits: 1 · References: 5
BDU FSTEC
added 2023/12/14 12:0 a.m. · 7 views

The vulnerability of the PBES2 encryption algorithm in the jwx library allows a perpetrator to cause a service failure.

The vulnerability of the PBES2 encryption algorithm in the jwx library is related to uncontrolled resource consumption during the processing of the p2c parameter, which determines the number of iterations required to obtain the key. Exploiting this vulnerability could allow a remote attacker t...

CVSS 5.3 · AI score 5.9 · EPSS 0.00723
Exploits: 1 · References: 5 · Affected Software: 1
Positive Technologies
added 2023/12/03 12:0 a.m. · 3 views

PT-2023-7638 · Unknown · Lestrrat-Go/Jwx

Name of the Vulnerable Software and Affected Versions:
lestrrat-go/jwx versions prior to 1.2.27
lestrrat-go/jwx versions prior to 2.0.18

Description: The issue is related to the JWE key management algorithms based on PBKDF2, which require a JOSE Header Parameter called p2c (PBES2 Count). This...

CVSS 5.3 · AI score 5.3 · EPSS 0.00723
Exploits: 1 · References: 12