jose4j denial of service via specifically crafted JWE

Moderate severity GitHub Reviewed Published Feb 29, 2024 to the GitHub Advisory Database • Updated Feb 29, 2024

Package

org.bitbucket.b_c:jose4j (Maven)

Affected versions

< 0.9.4

Patched versions

0.9.4

Description

The jose4j component before 0.9.4 for Java allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value.

References

Published by the National Vulnerability Database Feb 29, 2024
Published to the GitHub Advisory Database Feb 29, 2024
Reviewed Feb 29, 2024
Last updated Feb 29, 2024

Severity

Moderate

Weaknesses

No CWEs

CVE ID

CVE-2023-51775

GHSA ID

GHSA-6qvw-249j-h44c

Source code

No known source code