VYPR

rpm package

suse/cjose&distro=SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS

pkg:rpm/suse/cjose&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS

Vulnerabilities (1)

  • CVE-2023-37464HigJul 14, 2023
    affected < 0.6.1-150100.4.6.1fixed 0.6.1-150100.4.6.1

    OpenIDC/cjose is a C library implementing the Javascript Object Signing and Encryption (JOSE). The AES GCM decryption routine incorrectly uses the Tag length from the actual Authentication Tag provided in the JWE. The spec says that a fixed length of 16 octets must be applied. T