65 matches found

CVE
added 2026/03/20 10:37 p.m. | 4 views

CVE-2026-33204

CVE-2026-33204 affects the PHP library SimpleJWT prior to v1.1.1. An unauthenticated attacker can trigger a Denial of Service by tampering with JWE headers when PBES2 algorithms are used, causing excessive PBKDF2 iterations during JWE::decrypt() on attacker-controlled JWEs. The issue is fixed in v1.1....

CVSS 7.5 | AI score 5.7 | EPSS 0.00045
Exploits: 1 | References: 2 | Affected Software: 1
CNNVD
added 2026/03/20 12:00 a.m. | 3 views

SimpleJWT Resource Management Error Vulnerability

SimpleJWT is a JSON Web Token library written in PHP by Kelvin Mo as a personal project. Versions of SimpleJWT prior to 1.1.1 contained a resource management vulnerability. This vulnerability arises from the use of the PBES2 algorithm, allowing unauthenticated attackers to perform denial-of-servi...

CVSS 7.5 | AI score 5.8 | EPSS 0.00045
Exploits: 1 | References: 3
Tenable Nessus
added 2026/03/05 12:00 a.m. | 1 view

Linux Distros Unpatched Vulnerability : CVE-2026-27932

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption (JOSE) standards. In 1.6.2 and earlier, a resource...

CVSS 7.5 | AI score 5.8 | EPSS 0.00048
Exploits: 2 | References: 3
ATTACKERKB
added 2026/03/03 10:48 p.m. | 2 views

CVE-2026-27932

joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption (JOSE) standards. In 1.6.2 and earlier, a resource exhaustion vulnerability in joserfc allows an unauthenticated attacker to cause a Denial of Service (DoS) via CPU exhaustion. When the library...

CVSS 7.5 | AI score 6 | EPSS 0.00048
Exploits: 2 | References: 3 | Affected Software: 1
Debian CVE
added 2026/03/03 10:48 p.m. | 2 views

CVE-2026-27932

joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption (JOSE) standards. In 1.6.2 and earlier, a resource exhaustion vulnerability in joserfc allows an unauthenticated attacker to cause a Denial of Service (DoS) via CPU exhaustion. When the library...

CVSS 7.5 | AI score 5.4 | EPSS 0.00048
Exploits: 2
RedHat Linux
added 2024/11/04 8:13 p.m. | 4 views

nimbus-jose-jwt: large JWE p2c header value causes Denial of Service

A vulnerability was found in the Nimbus Jose JWT package. By crafting a JWE with an excessively large p2c value, an attacker can trigger significant resource consumption during decryption, potentially leading to application slowdown or unavailability...

CVSS 7.5 | AI score 6.8 | EPSS 0.00108
Exploits: 0 | References: 4
Microsoft CVE
added 2024/10/15 7:00 a.m. | 1 view

erlang-jose (aka JOSE for Erlang and Elixir) through 1.11.6 allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value in a JOSE header.

...

CVSS 5.3 | AI score 6.5 | EPSS 0.0004
Exploits: 0
RedHat Linux
added 2024/10/14 6:01 p.m. | 2 views

jose4j: denial of service via specially crafted JWE

A flaw was found in the jose.4.j (jose4j) library. The JWE key management algorithms based on PBKDF2 require a JOSE Header Parameter called p2c (PBES2 Count). This parameter dictates the number of PBKDF2 iterations needed to derive a CEK wrapping key. Its primary purpose is to intentionally slow down...

CVSS 6.5 | AI score 7.1 | EPSS 0.00383
Exploits: 1 | References: 4
Tenable Nessus
added 2024/09/24 12:00 a.m. | 31 views

EulerOS 2.0 SP8 : jose (EulerOS-SA-2024-2475)

According to the versions of the jose packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: latchset jose through version 11 allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value. (CVE-2023-50967)...

CVSS 7.5 | AI score 7.5 | EPSS 0.01386
Exploits: 1 | References: 2
Tenable Nessus
added 2024/07/22 12:00 a.m. | 19 views

EulerOS 2.0 SP8 : jose (EulerOS-SA-2024-2037)

According to the versions of the jose packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: latchset jose through version 11 allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value. (CVE-2023-50967)...

CVSS 7.5 | AI score 7.5 | EPSS 0.01386
Exploits: 1 | References: 2
Veracode
added 2024/07/21 1:53 p.m. | 19 views

Denial Of Service (DoS)

org.apache.cxf: cxf-rt-rs-security-jose is vulnerable to Denial Of Service (DoS). The vulnerability is due to missing size restrictions in the p2c (PBES2 count) parameter, which allows an attacker to perform a Denial Of Service attack by specifying a large value for this parameter in a token...

CVSS 7.5 | AI score 6.9 | EPSS 0.00258
Exploits: 0 | References: 7 | Affected Software: 1
Amazon
added 2024/04/30 12:00 a.m. | 1 view

Medium: jose

Issue Overview: latchset jose through version 11 allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value. (CVE-2023-50967) Affected Packages: jose. Note: This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the...

CVSS 7.5 | AI score 6.9 | EPSS 0.01386
Exploits: 1
OSV
added 2024/04/12 11:07 a.m. | 1 view

OESA-2024-1440 jose security update

José is a C-language implementation of the Javascript Object Signing and Encryption standards. José provides a command-line utility which encompasses most of the JOSE features. This allows for easy integration into your project and one-off scripts. Security Fixes: latchset jose through version 11...

CVSS 7.5 | AI score 6.8 | EPSS 0.01386
Exploits: 1 | References: 2
Veracode
added 2024/04/12 2:24 a.m. | 16 views

Denial Of Service (DoS)

jose is vulnerable to Denial Of Service (DoS). The vulnerability is due to insufficient validation of the p2c (PBES2 Count) value. Attackers can exploit this vulnerability by providing a large p2c value, leading to a denial of service condition...

CVSS 7.5 | AI score 6.2 | EPSS 0.01386
Exploits: 1 | References: 6 | Affected Software: 1
NVD
added 2024/03/20 4:15 p.m. | 16 views

CVE-2023-50967

latchset jose through version 11 allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value...

CVSS 7.5 | AI score 6.1 | EPSS 0.01386
Exploits: 1 | References: 8
OSV
added 2024/03/20 4:15 p.m. | 35 views

CVE-2023-50967

latchset jose through version 11 allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value...

CVSS 7.5 | AI score 6.7
Exploits: 0 | References: 8
UbuntuCve
added 2024/03/20 4:15 p.m. | 27 views

CVE-2023-50967

latchset jose through version 11 allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value...

CVSS 7.5 | AI score 6.9 | EPSS 0.01386
Exploits: 1 | References: 3
Debian CVE
added 2024/03/20 12:00 a.m. | 16 views

CVE-2023-50967

latchset jose through version 11 allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value...

CVSS 7.5 | AI score 7.3 | EPSS 0.01386
Exploits: 1
Cvelist
added 2024/03/20 12:00 a.m. | 20 views

CVE-2023-50967

latchset jose through version 11 allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value...

AI score 6.5 | EPSS 0.01386
Exploits: 1 | References: 5
FreeBSD
added 2024/03/20 12:00 a.m. | 24 views

jose -- DoS vulnerability

[email protected] reports: latchset jose through version 11 allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value...

CVSS 7.5 | AI score 6.9 | EPSS 0.01386
Exploits: 1 | References: 1