CVE-2023-37464

Incorrect Authentication Tag length usage in AES GCM decryption in OpenIDC/cjose

Severity Score

7.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Attend

*SSVC

Descriptions

OpenIDC/cjose is a C library implementing the Javascript Object Signing and Encryption (JOSE). The AES GCM decryption routine incorrectly uses the Tag length from the actual Authentication Tag provided in the JWE. The spec says that a fixed length of 16 octets must be applied. Therefore this bug allows an attacker to provide a truncated Authentication Tag and to modify the JWE accordingly. Users should upgrade to a version >= 0.6.2.2. Users unable to upgrade should avoid using AES GCM encryption and replace it with another encryption algorithm (e.g. AES CBC).

OpenIDC/cjose es una biblioteca C que implementa Javascript Object Signing and Encryption (JOSE). La rutina de descifrado AES GCM utiliza incorrectamente la longitud de la etiqueta de la etiqueta de autenticación real proporcionada en el JWE. La especificación dice que se debe aplicar una longitud fija de 16 octetos. Por lo tanto, este error permite a un atacante proporcionar una etiqueta de autenticación truncada y modificar el JWE en consecuencia. Los usuarios deben actualizar a una versión >= 0.6.2.2. Los usuarios que no puedan actualizar deben evitar el uso del cifrado AES GCM y reemplazarlo con otro algoritmo de cifrado (por ejemplo, AES CBC).

A vulnerability was found in cjose. The cjose is a C library implementing the Javascript Object Signing and Encryption (JOSE). The AES GCM decryption routine incorrectly uses the tag length from the actual Authentication Tag provided in the JSON Web Encryption (JWE). A fixed length of 16 octets must be applied. This flaw allows an attacker to provide a truncated Authentication Tag and modify the JWE.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

None

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

None

Integrity

High

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:Attend

Exploitation

None

Automatable

Yes

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2023-07-06 CVE Reserved
2023-07-14 CVE Published
2024-10-18 EPSS Updated
2024-10-30 CVE Updated
2024-10-30 First Exploit
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-327: Use of a Broken or Risky Cryptographic Algorithm

CAPEC

References (11)

URL	Tag	Source
https://datatracker.ietf.org/doc/html/rfc7518#section-4.7	Third Party Advisory
https://github.com/OpenIDC/cjose/releases/tag/v0.6.2.2	Release Notes
https://lists.debian.org/debian-lts-announce/2023/08/msg00002.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFWAPMYYVBO2U65HPYDTBEKNSXG4TP5C
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LCQJXKDPCWCXB2V4JMQ3UWYJ4UIBPUW6
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PTZHOVGY7AHGNMEY245HK4Q36AMA53AL
https://www.debian.org/security/2023/dsa-5472

URL	Date	SRC
https://github.com/OpenIDC/cjose/security/advisories/GHSA-3rhg-3gf2-6xgj	2024-10-30

URL	Date	SRC
https://github.com/OpenIDC/cjose/commit/7325e9a5e71e2fc0e350487ecac7d84acdf0ed5e	2023-09-15

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2023-37464	2023-08-02
https://bugzilla.redhat.com/show_bug.cgi?id=2223295	2023-08-02

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Cisco Search vendor "Cisco"		Cjose Search vendor "Cisco" for product "Cjose"				< 0.6.2.2 Search vendor "Cisco" for product "Cjose" and version " < 0.6.2.2"		-		Affected