Moderate severityNVD Advisory· Published Dec 25, 2023· Updated Aug 2, 2024
CVE-2023-50658
CVE-2023-50658
Description
The jose2go component before 1.6.0 for Go allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/dvsekhvalnov/jose2goGo | < 1.6.0 | 1.6.0 |
Affected products
40- jose2go/jose2godescription
- osv-coords39 versionspkg:apk/chainguard/jitsucom-bulkerpkg:apk/chainguard/jitsucom-bulker-bulkerpkg:apk/chainguard/jitsucom-bulker-bulker-compatpkg:apk/chainguard/jitsucom-bulker-ingestpkg:apk/chainguard/jitsucom-bulker-ingest-compatpkg:apk/chainguard/jitsucom-bulker-ingmgrpkg:apk/chainguard/jitsucom-bulker-ingmgr-compatpkg:apk/chainguard/jitsucom-bulker-sidecarpkg:apk/chainguard/jitsucom-bulker-sidecar-compatpkg:apk/chainguard/jitsucom-bulker-syncctlpkg:apk/chainguard/jitsucom-bulker-syncctl-compatpkg:apk/chainguard/telegraf-1.26pkg:apk/chainguard/telegraf-1.27pkg:apk/chainguard/telegraf-1.28pkg:apk/chainguard/telegraf-1.29pkg:apk/chainguard/vault-1.13pkg:apk/chainguard/vault-1.13-compatpkg:apk/chainguard/vault-1.13-entrypointpkg:apk/chainguard/vault-fips-1.14pkg:apk/chainguard/vault-fips-1.14-compatpkg:apk/wolfi/jitsucom-bulkerpkg:apk/wolfi/jitsucom-bulker-bulkerpkg:apk/wolfi/jitsucom-bulker-bulker-compatpkg:apk/wolfi/jitsucom-bulker-ingestpkg:apk/wolfi/jitsucom-bulker-ingest-compatpkg:apk/wolfi/jitsucom-bulker-ingmgrpkg:apk/wolfi/jitsucom-bulker-ingmgr-compatpkg:apk/wolfi/jitsucom-bulker-sidecarpkg:apk/wolfi/jitsucom-bulker-sidecar-compatpkg:apk/wolfi/jitsucom-bulker-syncctlpkg:apk/wolfi/jitsucom-bulker-syncctl-compatpkg:apk/wolfi/telegraf-1.26pkg:apk/wolfi/telegraf-1.27pkg:apk/wolfi/telegraf-1.28pkg:apk/wolfi/telegraf-1.29pkg:apk/wolfi/vault-1.13pkg:apk/wolfi/vault-1.13-compatpkg:apk/wolfi/vault-1.13-entrypointpkg:golang/github.com/dvsekhvalnov/jose2go
< 2.6.0-r2+ 38 more
- (no CPE)range: < 2.6.0-r2
- (no CPE)range: < 2.6.0-r2
- (no CPE)range: < 2.6.0-r2
- (no CPE)range: < 2.6.0-r2
- (no CPE)range: < 2.6.0-r2
- (no CPE)range: < 2.6.0-r2
- (no CPE)range: < 2.6.0-r2
- (no CPE)range: < 2.6.0-r2
- (no CPE)range: < 2.6.0-r2
- (no CPE)range: < 2.6.0-r2
- (no CPE)range: < 2.6.0-r2
- (no CPE)range: < 1.26.3-r11
- (no CPE)range: < 1.27.4-r11
- (no CPE)range: < 1.28.5-r4
- (no CPE)range: < 1.29.1-r1
- (no CPE)range: < 1.13.12-r1
- (no CPE)range: < 1.13.12-r1
- (no CPE)range: < 1.13.12-r1
- (no CPE)range: < 1.14.10-r0
- (no CPE)range: < 1.14.10-r0
- (no CPE)range: < 2.6.0-r2
- (no CPE)range: < 2.6.0-r2
- (no CPE)range: < 2.6.0-r2
- (no CPE)range: < 2.6.0-r2
- (no CPE)range: < 2.6.0-r2
- (no CPE)range: < 2.6.0-r2
- (no CPE)range: < 2.6.0-r2
- (no CPE)range: < 2.6.0-r2
- (no CPE)range: < 2.6.0-r2
- (no CPE)range: < 2.6.0-r2
- (no CPE)range: < 2.6.0-r2
- (no CPE)range: < 1.26.3-r11
- (no CPE)range: < 1.27.4-r11
- (no CPE)range: < 1.28.5-r4
- (no CPE)range: < 1.29.1-r1
- (no CPE)range: < 1.13.12-r1
- (no CPE)range: < 1.13.12-r1
- (no CPE)range: < 1.13.12-r1
- (no CPE)range: < 1.6.0
Patches
Vulnerability mechanics
References
7- github.com/advisories/GHSA-6294-6rgp-fr7rghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2023-50658ghsaADVISORY
- github.com/dvsekhvalnov/jose2go/commit/a4584e9dd7128608fedbc67892eba9697f0d5317ghsaWEB
- github.com/dvsekhvalnov/jose2go/compare/v1.5.0...v1.6.0ghsaWEB
- github.com/dvsekhvalnov/jose2go/issues/31ghsaWEB
- pkg.go.dev/vuln/GO-2023-2409ghsaWEB
- www.blackhat.com/us-23/briefings/schedule/ghsaWEB
News mentions
0No linked articles in our index yet.