latchset jose through version 11 allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value. https://github.com/P3ngu1nW/CVE_Request/blob/main/latch-jose.md https://github.com/latchset/jose
Created jose tracking bugs for this issue: Affects: fedora-all [bug 2270539]
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2024:5294 https://access.redhat.com/errata/RHSA-2024:5294
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2024:9181 https://access.redhat.com/errata/RHSA-2024:9181