CVE-2023-50967

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions latchset Jose versions prior to 11

Description The issue is related to an uncontrolled resource consumption in the latchset Jose module for signing and encrypting JSON objects. This can be exploited by an attacker to cause a denial of service through CPU consumption by using a large p2c (also known as PBES2 Count) value.

Recommendations For versions prior to 11, consider restricting the use of large p2c values to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-400

Related Identifiers

ALSA-2024:5294

ALSA-2024:9181

ALT-PU-2024-14928

AZL-43528

AZL-45135

BDU:2024-02461

CESA-2024_5294

CVE-2023-50967

INFSA-2024_5294

INFSA-2024_9181

OESA-2024-1440

OESA-2024-1471

RHSA-2024:5294

RHSA-2024:9181

RHSA-2024_5294

RHSA-2024_9181

RLSA-2024:9181

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Red Hat

Red Os

Rocky Linux

Latchset Jose

CVE-2023-50967

Weakness Enumeration

Related Identifiers

Affected Products

References · 55