Bug 2223295 (CVE-2023-37464)
| Summary: | CVE-2023-37464 cjose: AES GCM decryption uses the Tag length from the actual Authentication Tag provided in the JWE | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Vipul Nair <vinair> |
| Component: | vulnerability | Assignee: | Nobody <nobody> |
| Status: | NEW --- | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | unspecified | CC: | thalman |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | cjose 0.6.2.2 | Doc Type: | If docs needed, set a value |
| Doc Text: |
A vulnerability was found in cjose. The cjose is a C library implementing the Javascript Object Signing and Encryption (JOSE). The AES GCM decryption routine incorrectly uses the tag length from the actual Authentication Tag provided in the JSON Web Encryption (JWE). A fixed length of 16 octets must be applied. This flaw allows an attacker to provide a truncated Authentication Tag and modify the JWE.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2223307, 2223308, 2223330, 2223487, 2223488, 2223489, 2223490, 2223491, 2223492, 2223493 | ||
| Bug Blocks: | 2223315 | ||
|
Description
Vipul Nair
2023-07-17 09:57:33 UTC
Created cjose tracking bugs for this issue: Affects: fedora-all [bug 2223330] This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Extended Update Support Via RHSA-2023:4408 https://access.redhat.com/errata/RHSA-2023:4408 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Advanced Update Support Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions Red Hat Enterprise Linux 8.2 Telecommunications Update Service Via RHSA-2023:4410 https://access.redhat.com/errata/RHSA-2023:4410 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions Red Hat Enterprise Linux 8.4 Telecommunications Update Service Via RHSA-2023:4409 https://access.redhat.com/errata/RHSA-2023:4409 This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:4411 https://access.redhat.com/errata/RHSA-2023:4411 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Extended Update Support Via RHSA-2023:4417 https://access.redhat.com/errata/RHSA-2023:4417 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:4418 https://access.redhat.com/errata/RHSA-2023:4418 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions Via RHSA-2023:4429 https://access.redhat.com/errata/RHSA-2023:4429 |