← Back

CVE-2023-50658

nvd nist
Published: Feb 29, 2024Modified: Feb 14, 2025

JSON object

Loading...
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 / Impact: 3.6
Source: NVD

Description

The jose2go component before 1.6.0 for Go allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value.

Affected (1)

Dvsekhvalnov
1 product
Jose2go
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Jose2go
Before 1.6.0

Related CWEs

CWE-770
Allocation of Resources Without Limits or Throttling
The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

References (4)

Source: cve@mitre.org
Patch
Source: cve@mitre.org
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
Patch

Timeline

No history available yet.