2455470 – (CVE-2026-34986) CVE-2026-34986 github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object

Bug 2455470 (CVE-2026-34986) - CVE-2026-34986 github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object

Summary: CVE-2026-34986 github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: ...

Keywords:
Status:	NEW
Alias:	CVE-2026-34986
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2455614 2455616 2455618 2455621 2455622 2455624 2455628 2455630 2455636 2455637 2455638 2455639 2455640 2455641 2455642 2455643 2455644 2455645 2455646 2455648 2455649 2455650 2455651 2455652 2455653 2455654 2455655 2455656 2455657 2455658 2455659 2455660 2455661 2455662 2455663 2455664 2455666 2455667 2455668 2455669 2455670 2455671 2455673 2455674 2455675 2455676 2455647 2455665
Blocks:
TreeView+	depends on / blocked

Reported:	2026-04-06 17:01 UTC by OSIDB Bzimport
Modified:	2026-04-06 23:36 UTC (History)
CC List:	126 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-04-06 17:01:58 UTC

Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token (JWT) standards. Prior to 4.1.4 and 3.0.5, decrypting a JSON Web Encryption (JWE) object will panic if the alg field indicates a key wrapping algorithm (one ending in KW, with the exception of A128GCMKW, A192GCMKW, and A256GCMKW) and the encrypted_key field is empty. The panic happens when cipher.KeyUnwrap() in key_wrap.go attempts to allocate a slice with a zero or negative length based on the length of the encrypted_key. This code path is reachable from ParseEncrypted() / ParseEncryptedJSON() / ParseEncryptedCompact() followed by Decrypt() on the resulting object. Note that the parse functions take a list of accepted key algorithms. If the accepted key algorithms do not include any key wrapping algorithms, parsing will fail and the application will be unaffected. This panic is also reachable by calling cipher.KeyUnwrap() directly with any ciphertext parameter less than 16 bytes long, but calling this function directly is less common. Panics can lead to denial of service. This vulnerability is fixed in 4.1.4 and 3.0.5.

Note You need to log in before you can comment on or make changes to this bug.

aazores
abuckta
adudiak
agarcial
akoudelk
alcohan
anjoseph
anpicker
aoconnor
aprice
asegurap
bdettelb
bparees
caswilli
ckandaga
cmah
crizzo
derez
dfreiber
dhanak
dkuc
doconnor
drosa
drow
dschmidt
dsimansk
dymurray
eaguilar
ebaron
eborisov
eglynn
erezende
eshamard
fdeutsch
gparvin
gtanzill
hasun
ibolton
jaharrin
jbalunas
jburrell
jbuscemi
jcantril
jdobes
jeder
jfula
jjoyce
jkoehler
jlanda
jmatthew
jmitchel
jmontleo
jolong
jowilson
jprabhak
jsamir
jschluet
jsherril
jvasik
kaycoth
kbempah
kgaikwad
kingland
kshier
kverlaen
lball
lbragsta
lchilton
lgamliel
lhh
ljawale
lphiri
luizcosta
manissin
mburns
mgarciac
mnovotny
mstipich
mwringe
ngough
nweather
nyancey
oezr
ometelka
orabin
oramraz
pahickey
pakotvan
pbohmill
pgaikwad
pjindal
ptisnovs
pvasanth
rblanco
rbobbitt
rexwhite
rfreiman
rhaigner
rjohnson
rochandr
rojacob
sakbas
sausingh
sdawley
sfeifer
simaishi
slucidi
smcdonal
smullick
solenoci
sseago
stcannon
sthirugn
stirabos
syedriko
teagle
thason
veshanka
vkarehfa
vkumar
wenshen
whayutin
wtam
xdharmai
xiyuan
yguenane