PT-2023-25978 · Unknown · Openidc/Cjose

Zandbelt · Published 2023-07-14 · Updated 2023-12-18 · CVE-2023-37464

CVSS v3.1: 8.6 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions: OpenIDC/cjose versions prior to 0.6.2.2

Description: The AES GCM decryption routine in OpenIDC/cjose incorrectly uses the tag length of the Authentication Tag actually provided in the JWE, instead of the fixed length of 16 octets specified in the spec. This allows an attacker to provide a truncated Authentication Tag and modify the JWE accordingly.

Recommendations: For versions prior to 0.6.2.2, upgrade to a version >= 0.6.2.2. For users unable to upgrade, avoid using AES GCM encryption and replace it with another encryption algorithm, such as AES CBC.

Weakness Enumeration

Use of a Broken Cryptographic Algorithm

Related Identifiers

ALSA-2023:4411
ALSA-2023:4418
AZL-27659
AZL-36936
CESA-2023_4418
CVE-2023-37464
DLA-3515-1
DSA-5472-1
GHSA-3RHG-3GF2-6XGJ
MGASA-2023-0350
OESA-2023-1441
OPENSUSE-SU-2023_3230-1
OPENSUSE-SU-2024:13052-1
RHSA-2023:4408
RHSA-2023:4409
RHSA-2023:4410
RHSA-2023:4411
RHSA-2023:4417
RHSA-2023:4418
RHSA-2023:4429
RHSA-2023_4411
RHSA-2023_4418
RLSA-2023:4418
SUSE-SU-2023:3030-1
SUSE-SU-2023:3230-1
SUSE-SU-2023_3030-1
SUSE-SU-2023_3230-1
USN-6307-1

Affected Products

Almalinux
Centos
Linuxmint
Openidc/Cjose
Red Hat
Rocky Linux
Suse
Ubuntu