Veracode Vulnerability DatabaseVERACODE:46374

HistoryApr 12, 2024 - 2:24 a.m.

Denial Of Service (DoS)

2024-04-1202:24:41

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

denial of service

pbes2 count

attackers

software

6.2 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.6%

JSON

jose is vulnerable to Denial Of Service (DoS). The vulnerability is due to insufficient validation of the p2c (PBES2 Count) value. It allows attackers can exploit this vulnerability by providing a large p2c value, leading to a denial of service condition.

CPENameOperatorVersion
jose:sideq10-3
jose:sideq10-3

CPE	Name	Operator	Version
	jose:sid	eq	10-3
	jose:sid	eq	10-3

References

github.com/latchset/jose

github.com/P3ngu1nW/CVE_Request/blob/main/latch-jose.md

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CIFPQUCLNWEAHYYJWCQD3AZPWYIV6YT3/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OOBFVMOAV732C7PY74AHJ62ZNKT3ISZ6/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W7EGLOAFN2PWZ75ZRLTUDUZCIPH2VFZU/

security-tracker.debian.org/tracker/CVE-2023-50967