
10 matches found

OSV
added 2026/06/12 12:0 p.m. | 14 views

RUSTSEC-2026-0179 Unbounded SCRAM iteration count allows a malicious server to cause CPU-exhaustion denial of service

A malicious, compromised, or man-in-the-middle server can supply an arbitrarily large SCRAM-SHA-256 PBKDF2 iteration count during authentication. The client runs it inline with no upper bound, pinning a tokio worker thread for minutes per connection, possibly stalling the whole async runtime...

CVSS: 8.7 | AI score: 5.5
Exploits: 0 | References: 4
Cvelist
added 2026/06/09 1:9 p.m. | 30 views

CVE-2026-11790 389-ds-base: 389-ds-base: pbkdf2 password storage plugin unbounded iteration count denial of service

A flaw was found in 389 Directory Server. The PBKDF2-SHA256 password storage plugin does not enforce an upper bound on the iteration count extracted from stored password hashes. A privileged attacker who can modify a user's password hash can cause excessive CPU consumption during authentication,...

CVSS: 4.9 | EPSS: 0.00291
Exploits: 0 | References: 2
Vulnrichment
added 2026/06/09 1:9 p.m. | 8 views

CVE-2026-11790 389-ds-base: 389-ds-base: pbkdf2 password storage plugin unbounded iteration count denial of service

A flaw was found in 389 Directory Server. The PBKDF2-SHA256 password storage plugin does not enforce an upper bound on the iteration count extracted from stored password hashes. A privileged attacker who can modify a user's password hash can cause excessive CPU consumption during authentication,...

CVSS: 4.9 | AI score: 5.4 | EPSS: 0.00291
Exploits: 0 | References: 2
Debian CVE
added 2026/06/09 1:9 p.m. | 7 views

CVE-2026-11790

A flaw was found in 389 Directory Server. The PBKDF2-SHA256 password storage plugin does not enforce an upper bound on the iteration count extracted from stored password hashes. A privileged attacker who can modify a user's password hash can cause excessive CPU consumption during authentication,...

CVSS: 4.9 | AI score: 5.4 | EPSS: 0.00291
Exploits: 0
CNNVD
added 2026/06/09 12:0 a.m. | 9 views

389 Directory Server resource management error vulnerability

389 Directory Server is an open-source implementation of a highly available, fully functional, reliable, and secure LDAP server. There is a resource management vulnerability in 389 Directory Server. This vulnerability stems from the fact that the PBKDF2-SHA256 password storage plugin does not...

CVSS: 4.9 | AI score: 5.3 | EPSS: 0.00291
Exploits: 0 | References: 3
Friends Of PHP
added 2026/06/06 4:26 p.m. | 8 views

PBES2-HS*+A*KW unwrap accepts an unbounded p2c iteration count, enabling CPU-amplification denial of service

Impact: When a JWE uses a password-based key-encryption algorithm (PBES2-HS256+A128KW, PBES2-HS384+A192KW, PBES2-HS512+A256KW), PBES2AESKW::unwrapKey reads the p2c (PBKDF2 iteration count) parameter directly from the attacker-controlled JOSE header and passes it to hash_pbkdf2 with no upper bound. The...

AI score: 5.6
Exploits: 0 | Affected Software: 1
Friends Of PHP
added 2026/06/06 4:26 p.m. | 8 views

PBES2-HS*+A*KW unwrap accepts an unbounded p2c iteration count, enabling CPU-amplification denial of service

Impact: When a JWE uses a password-based key-encryption algorithm (PBES2-HS256+A128KW, PBES2-HS384+A192KW, PBES2-HS512+A256KW), PBES2AESKW::unwrapKey reads the p2c (PBKDF2 iteration count) parameter directly from the attacker-controlled JOSE header and passes it to hash_pbkdf2 with no upper bound. The...

AI score: 5.6
Exploits: 0 | Affected Software: 1
OSV
added 2026/05/19 6:20 p.m. | 8 views

CLSA-2026-1779214855 bind: Fix of CVE-2026-1519

CVE-2026-1519: fix unbounded NSEC3 iterations when validating referrals to unsigned delegations...

CVSS: 7.5 | AI score: 6 | EPSS: 0.01545
Exploits: 0 | References: 1
Cvelist
added 2026/03/03 10:48 p.m. | 20 views

CVE-2026-27932 joserfc PBES2 p2c Unbounded Iteration Count enables Denial of Service (DoS)

joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption (JOSE) standards. In 1.6.2 and earlier, a resource exhaustion vulnerability in joserfc allows an unauthenticated attacker to cause a Denial of Service (DoS) via CPU exhaustion. When the library...

CVSS: 7.5 | EPSS: 0.00432
Exploits: 2 | References: 2
OSV
added 2026/03/02 6:47 p.m. | 5 views

GHSA-W5R5-M38G-F9F9 joserfc's PBES2 p2c Unbounded Iteration Count enables Denial of Service (DoS)

Summary: A resource exhaustion vulnerability in joserfc allows an unauthenticated attacker to cause a Denial of Service (DoS) via CPU exhaustion. When the library decrypts a JSON Web Encryption (JWE) token using Password-Based Encryption (PBES2) algorithms, it reads the p2c (PBES2 Count) parameter directl...

CVSS: 7.5 | AI score: 6 | EPSS: 0.00432
Exploits: 2 | References: 5