Bug 2270538 (CVE-2023-50967) - CVE-2023-50967 jose: Denial of service due to uncontrolled CPU consumption
Summary: CVE-2023-50967 jose: Denial of service due to uncontrolled CPU consumption
Keywords:
Status: NEW
Alias: CVE-2023-50967
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2270539
Blocks: 2270540
TreeView+ depends on / blocked
 
Reported: 2024-03-20 20:35 UTC by Marco Benatto
Modified: 2025-05-06 08:28 UTC (History)
22 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2024:5294 0 None None None 2024-08-13 15:26:02 UTC
Red Hat Product Errata RHSA-2024:9181 0 None None None 2024-11-12 09:02:31 UTC

Description Marco Benatto 2024-03-20 20:35:59 UTC
latchset jose through version 11 allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value.

https://github.com/P3ngu1nW/CVE_Request/blob/main/latch-jose.md
https://github.com/latchset/jose

Comment 1 Marco Benatto 2024-03-20 20:36:35 UTC
Created jose tracking bugs for this issue:

Affects: fedora-all [bug 2270539]

Comment 5 errata-xmlrpc 2024-08-13 15:26:01 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:5294 https://access.redhat.com/errata/RHSA-2024:5294

Comment 6 errata-xmlrpc 2024-11-12 09:02:29 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:9181 https://access.redhat.com/errata/RHSA-2024:9181


Note You need to log in before you can comment on or make changes to this bug.