cvelistv5 - CVE-2023-50658

CVE-2023-50658 (GCVE-0-2023-50658)

Vulnerability from cvelistv5

Published

2023-12-25 00:00

Modified

2024-08-02 22:16

Severity ?

CWE

Summary

The jose2go component before 1.6.0 for Go allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value.

References

URL

Tags

cve@mitre.org	https://github.com/dvsekhvalnov/jose2go/commit/a4584e9dd7128608fedbc67892eba9697f0d5317	Patch
cve@mitre.org	https://github.com/dvsekhvalnov/jose2go/compare/v1.5.0...v1.6.0	Patch
af854a3a-2127-422b-91ae-364da2661108	https://github.com/dvsekhvalnov/jose2go/commit/a4584e9dd7128608fedbc67892eba9697f0d5317	Patch
af854a3a-2127-422b-91ae-364da2661108	https://github.com/dvsekhvalnov/jose2go/compare/v1.5.0...v1.6.0	Patch

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-50658",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-03-01T15:59:09.889417Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:18:04.395Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T22:16:47.116Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/dvsekhvalnov/jose2go/commit/a4584e9dd7128608fedbc67892eba9697f0d5317"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/dvsekhvalnov/jose2go/compare/v1.5.0...v1.6.0"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The jose2go component before 1.6.0 for Go allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-25T21:39:17.515741",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://github.com/dvsekhvalnov/jose2go/commit/a4584e9dd7128608fedbc67892eba9697f0d5317"
        },
        {
          "url": "https://github.com/dvsekhvalnov/jose2go/compare/v1.5.0...v1.6.0"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2023-50658",
    "datePublished": "2023-12-25T00:00:00",
    "dateReserved": "2023-12-11T00:00:00",
    "dateUpdated": "2024-08-02T22:16:47.116Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-50658\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2024-02-29T01:42:01.123\",\"lastModified\":\"2025-02-14T17:23:19.307\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The jose2go component before 1.6.0 for Go allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value.\"},{\"lang\":\"es\",\"value\":\"El componente jose2go anterior a 1.6.0 para Go permite a los atacantes provocar una denegaci\u00f3n de servicio (consumo de CPU) a trav\u00e9s de un valor grande de p2c (tambi\u00e9n conocido como PBES2 Count).\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-770\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dvsekhvalnov:jose2go:*:*:*:*:*:go:*:*\",\"versionEndExcluding\":\"1.6.0\",\"matchCriteriaId\":\"D9A0EDCB-6B6C-4778-B480-9234DC9CDDB9\"}]}]}],\"references\":[{\"url\":\"https://github.com/dvsekhvalnov/jose2go/commit/a4584e9dd7128608fedbc67892eba9697f0d5317\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/dvsekhvalnov/jose2go/compare/v1.5.0...v1.6.0\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/dvsekhvalnov/jose2go/commit/a4584e9dd7128608fedbc67892eba9697f0d5317\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/dvsekhvalnov/jose2go/compare/v1.5.0...v1.6.0\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/dvsekhvalnov/jose2go/commit/a4584e9dd7128608fedbc67892eba9697f0d5317\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/dvsekhvalnov/jose2go/compare/v1.5.0...v1.6.0\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T22:16:47.116Z\"}}, {\"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-50658\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-03-01T15:59:09.889417Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-05-23T19:01:14.461Z\"}, \"title\": \"CISA ADP Vulnrichment\"}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"references\": [{\"url\": \"https://github.com/dvsekhvalnov/jose2go/commit/a4584e9dd7128608fedbc67892eba9697f0d5317\"}, {\"url\": \"https://github.com/dvsekhvalnov/jose2go/compare/v1.5.0...v1.6.0\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"The jose2go component before 1.6.0 for Go allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2023-12-25T21:39:17.515741\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-50658\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-02T22:16:47.116Z\", \"dateReserved\": \"2023-12-11T00:00:00\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2023-12-25T00:00:00\", \"assignerShortName\": \"mitre\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

ghsa-6294-6rgp-fr7r

Vulnerability from github

Published

2024-02-29 03:33

Modified

2024-07-05 21:33

Summary

jose2go vulnerable to denial of service via large p2c value

Details

The jose2go component before 1.6.0 for Go allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value.

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/dvsekhvalnov/jose2go"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.6.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-50658"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": true,
    "github_reviewed_at": "2024-03-01T16:56:03Z",
    "nvd_published_at": "2024-02-29T01:42:01Z",
    "severity": "MODERATE"
  },
  "details": "The jose2go component before 1.6.0 for Go allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value.",
  "id": "GHSA-6294-6rgp-fr7r",
  "modified": "2024-07-05T21:33:55Z",
  "published": "2024-02-29T03:33:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-50658"
    },
    {
      "type": "WEB",
      "url": "https://github.com/dvsekhvalnov/jose2go/issues/31"
    },
    {
      "type": "WEB",
      "url": "https://github.com/dvsekhvalnov/jose2go/commit/a4584e9dd7128608fedbc67892eba9697f0d5317"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/dvsekhvalnov/jose2go"
    },
    {
      "type": "WEB",
      "url": "https://github.com/dvsekhvalnov/jose2go/compare/v1.5.0...v1.6.0"
    },
    {
      "type": "WEB",
      "url": "https://www.blackhat.com/us-23/briefings/schedule/#three-new-attacks-against-json-web-tokens-31695"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "jose2go vulnerable to denial of service via large p2c value"
}

De multiples vulnérabilités ont été découvertes dans les produits Splunk. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et une injection de code indirecte à distance (XSS).

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Splunk	Splunk Enterprise	Splunk Entreprise versions 9.2.x antérieures à 9.2.3
Splunk	Splunk Enterprise	Splunk Entreprise versions 9.1.x antérieures à 9.1.6
Splunk	Splunk Enterprise	Splunk Entreprise versions 9.3.x antérieures à 9.3.1
Splunk	Splunk Cloud Platform	Splunk Cloud Platform versions 9.1.2308.x antérieures à 9.1.2308.208
Splunk	Splunk Cloud Platform	Splunk Cloud Platform versions 9.1.2312.x antérieures à 9.1.2312.205
Splunk	Splunk Cloud Platform	Splunk Cloud Platform versions 9.2.2403.x antérieures à 9.2.2403.108

References

Title

Publication Time

Tags

Bulletin de sécurité Splunk SVD-2024-1008	2024-10-14	vendor-advisory
Bulletin de sécurité Splunk SVD-2024-1005	2024-10-14	vendor-advisory
Bulletin de sécurité Splunk SVD-2024-1006	2024-10-14	vendor-advisory
Bulletin de sécurité Splunk SVD-2024-1002	2024-10-14	vendor-advisory
Bulletin de sécurité Splunk SVD-2024-1003	2024-10-14	vendor-advisory
Bulletin de sécurité Splunk SVD-2024-1007	2024-10-14	vendor-advisory
Bulletin de sécurité Splunk SVD-2024-1004	2024-10-14	vendor-advisory
Bulletin de sécurité Splunk SVD-2024-1010	2024-10-14	vendor-advisory
Bulletin de sécurité Splunk SVD-2024-1011	2024-10-14	vendor-advisory
Bulletin de sécurité Splunk SVD-2024-1012	2024-10-14	vendor-advisory
Bulletin de sécurité Splunk SVD-2024-1009	2024-10-14	vendor-advisory
Bulletin de sécurité Splunk SVD-2024-1001	2024-10-14	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Splunk Entreprise versions 9.2.x ant\u00e9rieures \u00e0 9.2.3",
      "product": {
        "name": "Splunk Enterprise",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk Entreprise versions 9.1.x ant\u00e9rieures \u00e0 9.1.6",
      "product": {
        "name": "Splunk Enterprise",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk Entreprise versions 9.3.x ant\u00e9rieures \u00e0 9.3.1",
      "product": {
        "name": "Splunk Enterprise",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk Cloud Platform versions 9.1.2308.x ant\u00e9rieures \u00e0 9.1.2308.208",
      "product": {
        "name": "Splunk Cloud Platform",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk Cloud Platform versions 9.1.2312.x ant\u00e9rieures \u00e0 9.1.2312.205",
      "product": {
        "name": "Splunk Cloud Platform",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk Cloud Platform versions 9.2.2403.x ant\u00e9rieures \u00e0 9.2.2403.108",
      "product": {
        "name": "Splunk Cloud Platform",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-24790",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24790"
    },
    {
      "name": "CVE-2017-14159",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-14159"
    },
    {
      "name": "CVE-2024-37891",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-37891"
    },
    {
      "name": "CVE-2020-36230",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36230"
    },
    {
      "name": "CVE-2024-45733",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45733"
    },
    {
      "name": "CVE-2023-45142",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45142"
    },
    {
      "name": "CVE-2020-36221",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36221"
    },
    {
      "name": "CVE-2024-45731",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45731"
    },
    {
      "name": "CVE-2019-13057",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-13057"
    },
    {
      "name": "CVE-2023-45283",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45283"
    },
    {
      "name": "CVE-2023-29401",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29401"
    },
    {
      "name": "CVE-2023-45288",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45288"
    },
    {
      "name": "CVE-2015-3276",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3276"
    },
    {
      "name": "CVE-2020-36225",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36225"
    },
    {
      "name": "CVE-2024-45739",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45739"
    },
    {
      "name": "CVE-2023-39321",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39321"
    },
    {
      "name": "CVE-2023-45285",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45285"
    },
    {
      "name": "CVE-2023-45284",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45284"
    },
    {
      "name": "CVE-2020-36224",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36224"
    },
    {
      "name": "CVE-2023-44487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
    },
    {
      "name": "CVE-2024-24557",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24557"
    },
    {
      "name": "CVE-2021-27212",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-27212"
    },
    {
      "name": "CVE-2020-36228",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36228"
    },
    {
      "name": "CVE-2020-36227",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36227"
    },
    {
      "name": "CVE-2024-28180",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28180"
    },
    {
      "name": "CVE-2020-15719",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-15719"
    },
    {
      "name": "CVE-2024-45740",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45740"
    },
    {
      "name": "CVE-2024-45736",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45736"
    },
    {
      "name": "CVE-2023-48795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
    },
    {
      "name": "CVE-2023-39320",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39320"
    },
    {
      "name": "CVE-2017-17740",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-17740"
    },
    {
      "name": "CVE-2024-45741",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45741"
    },
    {
      "name": "CVE-2020-12243",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12243"
    },
    {
      "name": "CVE-2023-39318",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39318"
    },
    {
      "name": "CVE-2020-36223",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36223"
    },
    {
      "name": "CVE-2023-3978",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3978"
    },
    {
      "name": "CVE-2024-45737",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45737"
    },
    {
      "name": "CVE-2020-36229",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36229"
    },
    {
      "name": "CVE-2023-45803",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45803"
    },
    {
      "name": "CVE-2023-39319",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39319"
    },
    {
      "name": "CVE-2024-45732",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45732"
    },
    {
      "name": "CVE-2022-29155",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29155"
    },
    {
      "name": "CVE-2024-35195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35195"
    },
    {
      "name": "CVE-2024-45735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45735"
    },
    {
      "name": "CVE-2023-50658",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-50658"
    },
    {
      "name": "CVE-2023-47108",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-47108"
    },
    {
      "name": "CVE-2023-26125",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26125"
    },
    {
      "name": "CVE-2023-43804",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-43804"
    },
    {
      "name": "CVE-2024-45738",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45738"
    },
    {
      "name": "CVE-2020-36226",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36226"
    },
    {
      "name": "CVE-2020-36222",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36222"
    },
    {
      "name": "CVE-2023-39322",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39322"
    },
    {
      "name": "CVE-2022-42969",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42969"
    },
    {
      "name": "CVE-2023-2953",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2953"
    },
    {
      "name": "CVE-2019-13565",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-13565"
    },
    {
      "name": "CVE-2023-39323",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39323"
    },
    {
      "name": "CVE-2023-39326",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39326"
    },
    {
      "name": "CVE-2023-39325",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
    },
    {
      "name": "CVE-2024-24786",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24786"
    },
    {
      "name": "CVE-2024-45734",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45734"
    },
    {
      "name": "CVE-2020-25692",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25692"
    }
  ],
  "initial_release_date": "2024-10-15T00:00:00",
  "last_revision_date": "2024-10-15T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0878",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-10-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Splunk. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une injection de code indirecte \u00e0 distance (XSS).",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Splunk",
  "vendor_advisories": [
    {
      "published_at": "2024-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2024-1008",
      "url": "https://advisory.splunk.com/advisories/SVD-2024-1008"
    },
    {
      "published_at": "2024-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2024-1005",
      "url": "https://advisory.splunk.com/advisories/SVD-2024-1005"
    },
    {
      "published_at": "2024-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2024-1006",
      "url": "https://advisory.splunk.com/advisories/SVD-2024-1006"
    },
    {
      "published_at": "2024-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2024-1002",
      "url": "https://advisory.splunk.com/advisories/SVD-2024-1002"
    },
    {
      "published_at": "2024-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2024-1003",
      "url": "https://advisory.splunk.com/advisories/SVD-2024-1003"
    },
    {
      "published_at": "2024-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2024-1007",
      "url": "https://advisory.splunk.com/advisories/SVD-2024-1007"
    },
    {
      "published_at": "2024-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2024-1004",
      "url": "https://advisory.splunk.com/advisories/SVD-2024-1004"
    },
    {
      "published_at": "2024-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2024-1010",
      "url": "https://advisory.splunk.com/advisories/SVD-2024-1010"
    },
    {
      "published_at": "2024-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2024-1011",
      "url": "https://advisory.splunk.com/advisories/SVD-2024-1011"
    },
    {
      "published_at": "2024-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2024-1012",
      "url": "https://advisory.splunk.com/advisories/SVD-2024-1012"
    },
    {
      "published_at": "2024-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2024-1009",
      "url": "https://advisory.splunk.com/advisories/SVD-2024-1009"
    },
    {
      "published_at": "2024-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2024-1001",
      "url": "https://advisory.splunk.com/advisories/SVD-2024-1001"
    }
  ]
}

gsd-2023-50658

Vulnerability from gsd

Modified

2023-12-13 01:20

Details

The jose2go component before 1.6.0 for Go allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value.

Aliases

CVE-2023-50658

Aliases

CVE-2023-50658

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-50658",
    "id": "GSD-2023-50658"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-50658"
      ],
      "details": "The jose2go component before 1.6.0 for Go allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value.",
      "id": "GSD-2023-50658",
      "modified": "2023-12-13T01:20:31.380971Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2023-50658",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The jose2go component before 1.6.0 for Go allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/dvsekhvalnov/jose2go/commit/a4584e9dd7128608fedbc67892eba9697f0d5317",
            "refsource": "MISC",
            "url": "https://github.com/dvsekhvalnov/jose2go/commit/a4584e9dd7128608fedbc67892eba9697f0d5317"
          },
          {
            "name": "https://github.com/dvsekhvalnov/jose2go/compare/v1.5.0...v1.6.0",
            "refsource": "MISC",
            "url": "https://github.com/dvsekhvalnov/jose2go/compare/v1.5.0...v1.6.0"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "descriptions": [
          {
            "lang": "en",
            "value": "The jose2go component before 1.6.0 for Go allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value."
          }
        ],
        "id": "CVE-2023-50658",
        "lastModified": "2024-02-29T13:49:47.277",
        "metrics": {},
        "published": "2024-02-29T01:42:01.123",
        "references": [
          {
            "source": "cve@mitre.org",
            "url": "https://github.com/dvsekhvalnov/jose2go/commit/a4584e9dd7128608fedbc67892eba9697f0d5317"
          },
          {
            "source": "cve@mitre.org",
            "url": "https://github.com/dvsekhvalnov/jose2go/compare/v1.5.0...v1.6.0"
          }
        ],
        "sourceIdentifier": "cve@mitre.org",
        "vulnStatus": "Awaiting Analysis"
      }
    }
  }
}

fkie_cve-2023-50658

Vulnerability from fkie_nvd

Published

2024-02-29 01:42

Modified

2025-02-14 17:23

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

The jose2go component before 1.6.0 for Go allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value.

References

URL	Tags
cve@mitre.org	https://github.com/dvsekhvalnov/jose2go/commit/a4584e9dd7128608fedbc67892eba9697f0d5317	Patch
cve@mitre.org	https://github.com/dvsekhvalnov/jose2go/compare/v1.5.0...v1.6.0	Patch
af854a3a-2127-422b-91ae-364da2661108	https://github.com/dvsekhvalnov/jose2go/commit/a4584e9dd7128608fedbc67892eba9697f0d5317	Patch
af854a3a-2127-422b-91ae-364da2661108	https://github.com/dvsekhvalnov/jose2go/compare/v1.5.0...v1.6.0	Patch

Impacted products

	Vendor	Product	Version
	dvsekhvalnov	jose2go	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:dvsekhvalnov:jose2go:*:*:*:*:*:go:*:*",
              "matchCriteriaId": "D9A0EDCB-6B6C-4778-B480-9234DC9CDDB9",
              "versionEndExcluding": "1.6.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The jose2go component before 1.6.0 for Go allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value."
    },
    {
      "lang": "es",
      "value": "El componente jose2go anterior a 1.6.0 para Go permite a los atacantes provocar una denegaci\u00f3n de servicio (consumo de CPU) a trav\u00e9s de un valor grande de p2c (tambi\u00e9n conocido como PBES2 Count)."
    }
  ],
  "id": "CVE-2023-50658",
  "lastModified": "2025-02-14T17:23:19.307",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-02-29T01:42:01.123",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/dvsekhvalnov/jose2go/commit/a4584e9dd7128608fedbc67892eba9697f0d5317"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/dvsekhvalnov/jose2go/compare/v1.5.0...v1.6.0"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/dvsekhvalnov/jose2go/commit/a4584e9dd7128608fedbc67892eba9697f0d5317"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/dvsekhvalnov/jose2go/compare/v1.5.0...v1.6.0"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-770"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2023-50658 (GCVE-0-2023-50658)

Vulnerability from cvelistv5

ghsa-6294-6rgp-fr7r

Vulnerability from github

CERTFR-2024-AVI-0878

Vulnerability from certfr_avis

Solutions

gsd-2023-50658

Vulnerability from gsd

fkie_cve-2023-50658

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature