DirectorySecurity AdvisoriesPricing
/
Sign in
Security Advisories

GHSA-mhpq-9638-x6pw

Published

Last updated

https://github.com/advisories/GHSA-mhpq-9638-x6pw

Severity

5.3

Medium

CVSS V3

Summary

Denial of service when decrypting attack controlled input in github.com/dvsekhvalnov/jose2go

Description

An attacker controlled input of a PBES2 encrypted JWE blob can have a very large p2c value that, when decrypted, produces a denial-of-service.

References

  • https://github.com/advisories/GHSA-mhpq-9638-x6pw
  • https://github.com/dvsekhvalnov/jose2go/issues/31
  • https://github.com/dvsekhvalnov/jose2go/commit/a4584e9dd7128608fedbc67892eba9697f0d5317
  • https://github.com/dvsekhvalnov/jose2go
  • https://www.blackhat.com/us-23/briefings/schedule/#three-new-attacks-against-json-web-tokens-31695

Affected packages

The trusted source for open source

Talk to an expert
© 2025 Chainguard. All Rights Reserved.
PrivacyTerms

Product

Chainguard ContainersChainguard LibrariesChainguard VMsIntegrationsPricing

Solutions

FedRAMPPCI DSSCMMC 2.0Golden ImagesCVE RemediationPublic Sector

Customers

Customer StoriesChainguard Reviews

Resources

Events & WebinarsSupply Chain Security 101Chainguard CoursesDocumentationTrust CenterChainguard Slack Community

Company

About UsBlogPartnersNewsroomCareersLegal