Denial of Service Issue in Latchset Jose Product
CVE-2023-50967

7.5HIGH

Key Information:

Vendor: Latchset
Status: jose
Vendor: CVE Published:; 20 March 2024

What is CVE-2023-50967?

A vulnerability exists in the Latchset jose product that allows attackers to exploit the system through the use of a large p2c (PBES2 Count) value. This exploitation can lead to significant CPU consumption, thereby causing a denial of service scenario. It is crucial for users of jose version 11 to be aware of this issue and take proactive measures to mitigate the risks associated with it.

References

https://github.com/latchset/jose

https://github.com/P3ngu1nW/CVE_Request/blob/main/latch-j...

https://lists.fedoraproject.org/archives/list/package-ann...

vendor-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 20, 2024
Vulnerability Reserved
Dec 17, 2023

CVE-2023-50967 Data

JSON