rpm package
suse/cjose&distro=SUSE Linux Enterprise Module for Server Applications 15 SP5
pkg:rpm/suse/cjose&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP5
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-37464 | Hig | 8.6 | < 0.6.1-150100.4.6.1 | 0.6.1-150100.4.6.1 | Jul 14, 2023 | OpenIDC/cjose is a C library implementing the Javascript Object Signing and Encryption (JOSE). The AES GCM decryption routine incorrectly uses the Tag length from the actual Authentication Tag provided in the JWE. The spec says that a fixed length of 16 octets must be applied. T |
- affected < 0.6.1-150100.4.6.1fixed 0.6.1-150100.4.6.1
OpenIDC/cjose is a C library implementing the Javascript Object Signing and Encryption (JOSE). The AES GCM decryption routine incorrectly uses the Tag length from the actual Authentication Tag provided in the JWE. The spec says that a fixed length of 16 octets must be applied. T