CVE-2023-51775

描述

The jose4j component before 0.9.4 for Java allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value.

受影響套件(2)

• Debian/libjose4j-javafrom 0, < 0.9.6-1
• Maven/org.bitbucket.b_c:jose4jfrom 0, < 0.9.4

CVSS 分數

參考連結(5)

• ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2023-51775
• ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2023-51775
• WEBhttps://bitbucket.org/b_c/jose4j/commits/1afaa1e174b3
• WEBhttps://bitbucket.org/b_c/jose4j/issues/212
• WEBhttps://security.netapp.com/advisory/ntap-20241108-0002