CVE-2016-9123: Integer Overflow or Wraparound

March 28, 2017 (updated March 29, 2017)

go-jose before suffers from a CBC-HMAC integer overflow on architectures. An integer overflow could lead to authentication bypass for CBC-HMAC encrypted ciphertexts on architectures.

References

github.com/square/go-jose/commit/789a4c4bd4c118f7564954f441b29c153ccd6a96
nvd.nist.gov/vuln/detail/CVE-2016-9123

Detect and mitigate CVE-2016-9123 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →