jose2go vulnerable to denial of service via large p2c value
The jose2go component before 1.6.0 for Go allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value.
Advisories for Golang/Github.com/Dvsekhvalnov/Jose2go package
2024
2023
Denial of service when decrypting attack controlled input in github.com/dvsekhvalnov/jose2go
An attacker controlled input of a PBES2 encrypted JWE blob can have a very large p2c value that, when decrypted, produces a denial-of-service.
Denial of service when decrypting attack controlled input in github.com/dvsekhvalnov/jose2go
An attacker controlled input of a PBES2 encrypted JWE blob can have a very large p2c value that, when decrypted, produces a denial-of-service.