PT-2023-8747 · Jose4J · Jose4J

Jesse Yang · Published 2023-12-03 · Updated 2025-05-08

CVE-2023-51775

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions: jose4j versions prior to 0.9.4
Description: The vulnerability stems from the jose4j implementation of the PBES2 algorithm, which does not properly bound the p2c (PBES2 iteration count) parameter taken from the JWE header. A remote attacker who supplies a JWE with a very large p2c value can force the key-derivation step to consume excessive CPU, resulting in a denial of service.
Recommendations: For versions prior to 0.9.4, update to version 0.9.4 or later to resolve the issue. As a temporary workaround, consider restricting the use of the p2c parameter (for example, rejecting PBES2-protected input or bounding the accepted iteration count before decryption) to minimize the risk of exploitation.
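One way to apply the workaround above is to inspect the JWE protected header before any key derivation runs and reject PBES2 tokens whose p2c lies outside a local budget. The following is an added example written in Python as a library-independent pre-filter; it is not jose4j's code, and the cap MAX_P2C, the minimum MIN_P2C and the helper names are assumptions for this illustration.

```python
import base64
import json

# Upper bound on the PBES2 iteration count this service is willing to run.
# Assumed value for this example; derive it from measured key-derivation cost
# on your hardware, never from what the sender asks for.
MAX_P2C = 100_000
MIN_P2C = 1000  # RFC 7518 recommends at least 1000 iterations


def _b64url_decode(segment: str) -> bytes:
    """Decode an unpadded base64url segment as used in JOSE."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def check_pbes2_header(jwe_compact: str, max_p2c: int = MAX_P2C) -> tuple[bool, str]:
    """Look only at the protected header of a compact JWE, before any
    cryptographic work happens. Returns (accepted, reason)."""
    parts = jwe_compact.split(".")
    if len(parts) != 5:
        return False, "not a compact JWE (expected 5 segments)"
    try:
        header = json.loads(_b64url_decode(parts[0]))
    except ValueError:  # covers base64, UTF-8 and JSON decode failures
        return False, "protected header is not valid base64url JSON"
    alg = header.get("alg")
    if not isinstance(alg, str) or not alg.startswith("PBES2-"):
        return True, "not PBES2; p2c bound does not apply"
    p2c = header.get("p2c")
    # bool is a subclass of int in Python, so exclude it explicitly.
    if isinstance(p2c, bool) or not isinstance(p2c, int):
        return False, "p2c missing or not an integer"
    if p2c < MIN_P2C:
        return False, f"p2c={p2c} below minimum {MIN_P2C}"
    if p2c > max_p2c:
        return False, f"p2c={p2c} exceeds local cap {max_p2c}"
    return True, f"p2c={p2c} within bounds"


def _make_jwe_with_header(header: dict) -> str:
    """Constructed test input: a compact JWE whose only meaningful part is the
    protected header; the other four segments are dummies and never decrypted."""
    h = base64.urlsafe_b64encode(json.dumps(header).encode()).rstrip(b"=").decode()
    return ".".join([h, "AAAA", "AAAA", "AAAA", "AAAA"])


if __name__ == "__main__":
    sane = _make_jwe_with_header({"alg": "PBES2-HS256+A128KW", "enc": "A128GCM", "p2c": 4096})
    huge = _make_jwe_with_header({"alg": "PBES2-HS256+A128KW", "enc": "A128GCM", "p2c": 2**31 - 1})
    for token in (sane, huge):
        print(check_pbes2_header(token))
```

Run the check on the raw compact serialization before passing it to the JWE library; a rejected token should be logged with its p2c value, since a flood of oversized counts is itself a useful detection signal.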

Tags: Exploit, Fix, DoS, Use of a Broken Cryptographic Algorithm, Resource Exhaustion

Weakness Enumeration

Related Identifiers

BDU:2024-01787
CVE-2023-51775
GHSA-6QVW-249J-H44C
RHSA-2024:8075
RHSA-2024:8076
RHSA-2024:8077
SUSE-SU-2024:1507-1
SUSE-SU-2024:1532-1

Affected Products

Jose4J