PT-2023-31606 · Jose2Go+2 · Jose2Go+2
Publicado
2023-12-20
·
Atualizado
2025-02-14
·
CVE-2023-50658
CVSS v3.1
7.5
Alta
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
jose2go versions prior to 1.6.0
Description
The issue allows attackers to cause a denial of service, specifically CPU consumption, via a large
p2c (also known as PBES2 Count) value in a PBES2 encrypted JWE blob. This can occur when an attacker-controlled input is decrypted, leading to the denial-of-service condition.Recommendations
For versions prior to 1.6.0, update to version 1.6.0 or later to resolve the issue. As a temporary workaround, consider restricting the decryption of PBES2 encrypted JWE blobs with large
p2c values to minimize the risk of exploitation.Correção
DoS
Allocation of Resources Without Limits
Resource Exhaustion
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Alt Linux
Debian
Jose2Go