Lucene search
K

7 matches found

CNNVD
CNNVD
added 2024/01/09 12:0 a.m.6 views

lestrrat-go jwx code issue vulnerability

lestrrat-go jwx is a library for lestrrat-go individual developers. A code issue vulnerability exists in lestrrat-go jwx version 2.0.18 and earlier, which stems from a null pointer dereference issue...

7.5CVSS7.1AI score0.00864EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2023/12/04 11:42 p.m.5 views

CVE-2023-49290 Malicious parameters can cause a denial of service in lestrrat-go/jwx

lestrrat-go/jwx is a Go module implementing various JWx JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE technologies. A p2c parameter set too high in JWE's algorithm PBES2- could lead to a denial of service. The JWE key management algorithms based on PBKDF2 require a JOSE Header Parameter called p2c...

5.3CVSS7.2AI score0.00723EPSS
Exploits1References2
OSV
OSV
added 2023/12/04 11:42 p.m.19 views

CVE-2023-49290 Malicious parameters can cause a denial of service in lestrrat-go/jwx

lestrrat-go/jwx is a Go module implementing various JWx JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE technologies. A p2c parameter set too high in JWE's algorithm PBES2- could lead to a denial of service. The JWE key management algorithms based on PBKDF2 require a JOSE Header Parameter called p2c...

5.3CVSS5.6AI score0.00723EPSS
Exploits1References4
Cvelist
Cvelist
added 2023/12/04 11:42 p.m.48 views

CVE-2023-49290 Malicious parameters can cause a denial of service in lestrrat-go/jwx

lestrrat-go/jwx is a Go module implementing various JWx JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE technologies. A p2c parameter set too high in JWE's algorithm PBES2- could lead to a denial of service. The JWE key management algorithms based on PBKDF2 require a JOSE Header Parameter called p2c...

5.3CVSS5.5AI score0.00723EPSS
Exploits1References2
CVE
CVE
added 2023/12/04 11:42 p.m.352 views

CVE-2023-49290

Technical details about CVE-2023-49290 are not publicly provided in the connected documents. The initial description offers summary and fixes; monitor for further advisories and confirmed exploit information.

5.3CVSS5.1AI score0.00723EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2023/12/04 12:0 a.m.6 views

lestrrat-go jwx resource management error vulnerability

lestrrat-go jwx is a library for lestrrat-go individual developers. lestrrat-go jwx suffers from a resource management error vulnerability that originates from an attacker being able to cause a denial of service by causing a large amount of computation consumption using password brute force and...

5.3CVSS9.1AI score0.00723EPSS
Exploits1References4
Circl
Circl
added 2023/12/03 7:27 a.m.20 views

CVE-2023-49290

creationtimestamp| type| source ---|---|--- 2023-12-03 07:27:59+00:00| published-proof-of-concept| https://github.com/lestrrat-go/jwx/security/advisories/GHSA-7f9x-gw85-8grf...

5.3CVSS6AI score0.00723EPSS
Exploits1References1
Rows per page
Query Builder