The jose2go component before 1.6.0 for Go allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value. https://security-tracker.debian.org/tracker/CVE-2023-50658 https://github.com/dvsekhvalnov/jose2go/commit/a4584e9dd7128608fedbc67892eba9697f0d5317
Created golang-github-dvsekhvalnov-jose2go tracking bugs for this issue: Affects: fedora-all [bug 2255966] Created migrate tracking bugs for this issue: Affects: fedora-all [bug 2255967]