CVE-2023-37464
CVE-2023-37464 affects cjose, a C library implementing JOSE. The AES-GCM decryption incorrectly uses the authentication tag length from the provided JWE instead of the fixed 16-octet length, enabling tampering with the JWE. A fix is available in cjose 0.6.2.2 and later; upgrades are recommended. ...