Directory Security Advisories

Security Advisories

CGA-qpgh-g4p2-gvvc

Published

Last updated

https://images.chainguard.dev/security/CGA-qpgh-g4p2-gvvc

Package

vault-fips-1.14

Latest Update

Fixed

Fixed Version

1.14.8-r2

Aliases

GHSA-mhpq-9638-x6pw

Severity

5.3

Medium

CVSS V3

Summary

Denial of service when decrypting attack controlled input in github.com/dvsekhvalnov/jose2go

Description

An attacker controlled input of a PBES2 encrypted JWE blob can have a very large p2c value that, when decrypted, produces a denial-of-service.

References

Updates

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Media Kit Contact Us

© 2024 Chainguard. All Rights Reserved.

Product

Chainguard Images

Why Chainguard

Container Image Security Vulnerability Remediation Compliance and Risk Mitigation Software Supply Chain Security AI/ML Security

Customers

Customer Stories Chainguard Love

Company

About Us Open Source Careers Newsroom Legal

Resources

Unchained Blog Research Events Trust Center Documentation