CVSS: 7.8EPSS: 0%CPEs: 11EXPL: 0CVE-2023-50967 – jose: Denial of service due to uncontrolled CPU consumption
https://notcve.org/view.php?id=CVE-2023-50967
20 Mar 2024 — latchset jose through version 11 allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value. Latchset jose hasta la versión 11 permite a los atacantes provocar una denegación de servicio (consumo de CPU) a través de un valor grande de p2c (también conocido como PBES2 Count). A flaw was found in the Jose package, where a large number of iterations used to derive the wrapping key for the PBKDF2 algorithm may lead to a denial of service. This flaw allows an attacker... • https://github.com/P3ngu1nW/CVE_Request/blob/main/latch-jose.md • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-28102 – JWCrypto vulnerable to JWT bomb Attack in `deserialize` function
https://notcve.org/view.php?id=CVE-2024-28102
06 Mar 2024 — JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to version 1.5.6, an attacker can cause a denial of service attack by passing in a malicious JWE Token with a high compression ratio. When the server processes this token, it will consume a lot of memory and processing time. Version 1.5.6 fixes this vulnerability by limiting the maximum token length. JWCrypto implementa las especificaciones JWK, JWS y JWE utilizando criptografía Python. • https://github.com/latchset/jwcrypto/commit/90477a3b6e73da69740e00b8161f53fea19b831f • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.3EPSS: 0%CPEs: 13EXPL: 0CVE-2023-6681 – Jwcrypto: denail of service via specifically crafted jwe
https://notcve.org/view.php?id=CVE-2023-6681
12 Feb 2024 — A vulnerability was found in JWCrypto. This flaw allows an attacker to cause a denial of service (DoS) attack and possible password brute-force and dictionary attacks to be more resource-intensive. This issue can result in a large amount of computational consumption, causing a denial of service attack. Se encontró una vulnerabilidad en JWCrypto. Esta falla permite que un atacante provoque un ataque de denegación de servicio (DoS) y posibles ataques de fuerza bruta y diccionario de contraseñas que consuman m... • https://access.redhat.com/errata/RHSA-2024:3267 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-6258 – Pkcs11-provider: side-channel proofing pkcs#1 1.5 paths
https://notcve.org/view.php?id=CVE-2023-6258
30 Jan 2024 — A security vulnerability has been identified in the pkcs11-provider, which is associated with Public-Key Cryptography Standards (PKCS#11). If exploited successfully, this vulnerability could result in a Bleichenbacher-like security flaw, potentially enabling a side-channel attack on PKCS#1 1.5 decryption. Se ha identificado una vulnerabilidad de seguridad en el proveedor pkcs11, que está asociado con los estándares de criptografía de clave pública (PKCS#11). Si se explota con éxito, esta vulnerabilidad podr... • https://bugzilla.redhat.com/show_bug.cgi?id=2251062 • CWE-203: Observable Discrepancy CWE-1300: Improper Protection of Physical Side Channels •