CVE-2023-50967 – jose: Denial of service due to uncontrolled CPU consumption

https://notcve.org/view.php?id=CVE-2023-50967

20 Mar 2024 — latchset jose through version 11 allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value. Latchset jose hasta la versión 11 permite a los atacantes provocar una denegación de servicio (consumo de CPU) a través de un valor grande de p2c (también conocido como PBES2 Count). A flaw was found in the Jose package, where a large number of iterations used to derive the wrapping key for the PBKDF2 algorithm may lead to a denial of service. This flaw allows an attacker... • https://github.com/P3ngu1nW/CVE_Request/blob/main/latch-jose.md • CWE-400: Uncontrolled Resource Consumption •