126 matches found
openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap
A flaw was found in the OpenSSL CMS implementation RFC 3211 KEK Unwrap. This vulnerability allows memory corruption, an application level denial of service, or potential execution of attacker-supplied code via crafted CMS messages using password-based encryption PWRI...
Astra Linux - уязвимость в jose
latchset jose through version 11 allows attackers to cause a denial of service CPU consumption via a large p2c aka PBES2 Count value...
Astra Linux - уязвимость в openssl
Issue summary: An application attempting to decrypt messages encrypted using password-based encryption in CMS can trigger an out-of-bounds read or write attack. Impact summary: This out-of-bounds read attack may cause a system crash, leading to a denial of service for the application. The...
Astra Linux - уязвимость в erlang-jose
erlang-jose aka JOSE for Erlang and Elixir through 1.11.6 allow attackers to cause a denial of service CPU consumption via a large p2c aka PBES2 Count value in a JOSE header...
JLSEC-2026-266
Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. The out-of-bounds write can cause a...
SUSE CVE-2026-33204
SimpleJWT is a simple JSON web token library written in PHP. Prior to version 1.1.1, an unauthenticated attacker can perform a Denial of Service via JWE header tampering when PBES2 algorithms are used. Applications that call JWE::decrypt on attacker-controlled JWEs using PBES2 algorithms are...
CVE-2026-33204
SimpleJWT is a simple JSON web token library written in PHP. Prior to version 1.1.1, an unauthenticated attacker can perform a Denial of Service via JWE header tampering when PBES2 algorithms are used. Applications that call JWE::decrypt on attacker-controlled JWEs using PBES2 algorithms are...
CVE-2026-33204 SimpleJWT has an Unauthenticated Denial of Service via JWE header tampering
SimpleJWT is a simple JSON web token library written in PHP. Prior to version 1.1.1, an unauthenticated attacker can perform a Denial of Service via JWE header tampering when PBES2 algorithms are used. Applications that call JWE::decrypt on attacker-controlled JWEs using PBES2 algorithms are...
CVE-2026-33204 SimpleJWT has an Unauthenticated Denial of Service via JWE header tampering
SimpleJWT is a simple JSON web token library written in PHP. Prior to version 1.1.1, an unauthenticated attacker can perform a Denial of Service via JWE header tampering when PBES2 algorithms are used. Applications that call JWE::decrypt on attacker-controlled JWEs using PBES2 algorithms are...
CVE-2026-33204 SimpleJWT has an Unauthenticated Denial of Service via JWE header tampering
SimpleJWT is a simple JSON web token library written in PHP. Prior to version 1.1.1, an unauthenticated attacker can perform a Denial of Service via JWE header tampering when PBES2 algorithms are used. Applications that call JWE::decrypt on attacker-controlled JWEs using PBES2 algorithms are...
EUVD-2026-13871
SimpleJWT is a simple JSON web token library written in PHP. Prior to version 1.1.1, an unauthenticated attacker can perform a Denial of Service via JWE header tampering when PBES2 algorithms are used. Applications that call JWE::decrypt on attacker-controlled JWEs using PBES2 algorithms are...
GHSA-XW36-67F8-339X SimpleJWT has an Unauthenticated Denial of Service via JWE header tampering
Summary An unauthenticated attacker can perform a Denial of Service via JWE header tampering when PBES2 algorithms are used. Applications that call JWE::decrypt on attacker-controlled JWEs using PBES2 algorithms are affected. Details PHP version: PHP 8.4.11 SimpleJWT version: v1.1.0 The relevant...
Excessive Iteration
Overview Affected versions of this package are vulnerable to Excessive Iteration via the decryptKey function when processing attacker-controlled JWE headers using PBES2 algorithms. An attacker can cause excessive CPU consumption and exhaust server resources by supplying a JWE with a very large p2...
SimpleJWT has an Unauthenticated Denial of Service via JWE header tampering
Summary An unauthenticated attacker can perform a Denial of Service via JWE header tampering when PBES2 algorithms are used. Applications that call JWE::decrypt on attacker-controlled JWEs using PBES2 algorithms are affected. Details PHP version: PHP 8.4.11 SimpleJWT version: v1.1.0 The relevant...
PT-2026-26212
Summary An unauthenticated attacker can perform a Denial of Service via JWE header tampering when PBES2 algorithms are used. Applications that call JWE::decrypt on attacker-controlled JWEs using PBES2 algorithms are affected. Details PHP version: PHP 8.4.11 SimpleJWT version: v1.1.0 The relevant...
EulerOS Virtualization 2.12.1 : openssl (EulerOS-SA-2026-1450)
According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bound...
📄 joserfc JWE PBES2 1.6.2 Denial of Service
A denial of service condition can occur in applications using the joserfc library when processing malicious JSON Web Encryption tokens that use the PBES2-HS256+A128KW algorithm...
SUSE CVE-2026-27932
joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption JOSE standards. In 1.6.2 and earlier, a resource exhaustion vulnerability in joserfc allows an unauthenticated attacker to cause a Denial of Service DoS via CPU exhaustion. When the library...
CVE-2026-27932
A flaw was found in joserfc, a Python library for JSON Object Signing and Encryption JOSE standards. An unauthenticated attacker can cause a Denial of Service DoS by exploiting a resource exhaustion vulnerability. This occurs when the library decrypts a JSON Web Encryption JWE token using...
DEBIAN-CVE-2026-27932
joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption JOSE standards. In 1.6.2 and earlier, a resource exhaustion vulnerability in joserfc allows an unauthenticated attacker to cause a Denial of Service DoS via CPU exhaustion. When the library...