Vulnerability Details CVE-2023-50658
The jose2go component before 1.6.0 for Go allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 20.0%
CVSS Severity
CVSS v3 Score 7.5
References
- https://github.com/dvsekhvalnov/jose2go/commit/a4584e9dd7128608fedbc67892eba9697f0d5317
- https://github.com/dvsekhvalnov/jose2go/compare/v1.5.0...v1.6.0
- https://github.com/dvsekhvalnov/jose2go/commit/a4584e9dd7128608fedbc67892eba9697f0d5317
- https://github.com/dvsekhvalnov/jose2go/compare/v1.5.0...v1.6.0
Products affected by CVE-2023-50658
-
cpe:2.3:a:dvsekhvalnov:jose2go:-
-
cpe:2.3:a:dvsekhvalnov:jose2go:1.1
-
cpe:2.3:a:dvsekhvalnov:jose2go:1.2
-
cpe:2.3:a:dvsekhvalnov:jose2go:1.3
-
cpe:2.3:a:dvsekhvalnov:jose2go:1.5.0