10 matches found
GO-2024-2454 Panic due to nil pointer dereference in github.com/lestrrat-go/jwx/v2
Panic due to nil pointer dereference in github.com/lestrrat-go/jwx/v2...
lestrrat-go jwx code issue vulnerability
lestrrat-go jwx is a library for lestrrat-go individual developers. A code issue vulnerability exists in lestrrat-go jwx version 2.0.18 and earlier, which stems from a null pointer dereference issue...
CVE-2023-49290
lestrrat-go/jwx is a Go module implementing various JWx JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE technologies. A p2c parameter set too high in JWE's algorithm PBES2- could lead to a denial of service. The JWE key management algorithms based on PBKDF2 require a JOSE Header Parameter called p2c...
CVE-2023-49290 Malicious parameters can cause a denial of service in lestrrat-go/jwx
lestrrat-go/jwx is a Go module implementing various JWx JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE technologies. A p2c parameter set too high in JWE's algorithm PBES2- could lead to a denial of service. The JWE key management algorithms based on PBKDF2 require a JOSE Header Parameter called p2c...
CVE-2023-49290 Malicious parameters can cause a denial of service in lestrrat-go/jwx
lestrrat-go/jwx is a Go module implementing various JWx JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE technologies. A p2c parameter set too high in JWE's algorithm PBES2- could lead to a denial of service. The JWE key management algorithms based on PBKDF2 require a JOSE Header Parameter called p2c...
CVE-2023-49290
Technical details about CVE-2023-49290 are not publicly provided in the connected documents. The initial description offers summary and fixes; monitor for further advisories and confirmed exploit information.
CVE-2023-49290 Malicious parameters can cause a denial of service in lestrrat-go/jwx
lestrrat-go/jwx is a Go module implementing various JWx JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE technologies. A p2c parameter set too high in JWE's algorithm PBES2- could lead to a denial of service. The JWE key management algorithms based on PBKDF2 require a JOSE Header Parameter called p2c...
lestrrat-go jwx resource management error vulnerability
lestrrat-go jwx is a library for lestrrat-go individual developers. lestrrat-go jwx suffers from a resource management error vulnerability that originates from an attacker being able to cause a denial of service by causing a large amount of computation consumption using password brute force and...
CVE-2023-49290
creationtimestamp| type| source ---|---|--- 2023-12-03 07:27:59+00:00| published-proof-of-concept| https://github.com/lestrrat-go/jwx/security/advisories/GHSA-7f9x-gw85-8grf...
GO-2023-1859 Padding oracle vulnerability in github.com/lestrrat-go/jwx
AES-CBC decryption is vulnerable to a timing attack which may permit an attacker to recover the plaintext of JWE data...