exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 9 of 9 RSS Feed

CVE-2023-37464

Status Candidate

Overview

OpenIDC/cjose is a C library implementing the Javascript Object Signing and Encryption (JOSE). The AES GCM decryption routine incorrectly uses the Tag length from the actual Authentication Tag provided in the JWE. The spec says that a fixed length of 16 octets must be applied. Therefore this bug allows an attacker to provide a truncated Authentication Tag and to modify the JWE accordingly. Users should upgrade to a version >= 0.6.2.2. Users unable to upgrade should avoid using AES GCM encryption and replace it with another encryption algorithm (e.g. AES CBC).

Related Files

Ubuntu Security Notice USN-6307-1
Posted Aug 25, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6307-1 - It was discovered that JOSE for C/C++ AES GCM decryption routine incorrectly uses the Tag length from the actual Authentication Tag provided in the JWE. An attacker could use this to cause a denial of service or might expose sensitive information.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2023-37464
SHA-256 | 0fe1a24114e00e5ae9f25a559d718911b8f95a69aeb879b5dabc16383b1d3100
Debian Security Advisory 5472-1
Posted Aug 9, 2023
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5472-1 - It was discovered that an incorrect implementation of AES GCM decryption in cjose, a C library implementing the JOSE standard may allow an attacker to provide a truncated Authentication Tag and modify the JWE object.

tags | advisory
systems | linux, debian
advisories | CVE-2023-37464
SHA-256 | e815ed796d98716daec24718d9f1e8fca1f08e0f4680903994da1dabbc41af77
Red Hat Security Advisory 2023-4429-01
Posted Aug 2, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4429-01 - The mod_auth_openidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2023-37464
SHA-256 | 84e4fa4c9b723f028eda570601609ad7ebfc7fe269bbe166be52f190e0c0e177
Red Hat Security Advisory 2023-4417-01
Posted Aug 2, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4417-01 - CJose is C library implementing the Javascript Object Signing and Encryption.

tags | advisory, javascript
systems | linux, redhat
advisories | CVE-2023-37464
SHA-256 | 22c3bb74d9c2e542f865f639c88c79b425277c88a060f4e27bf5dbe20a578efb
Red Hat Security Advisory 2023-4418-01
Posted Aug 2, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4418-01 - The mod_auth_openidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2023-37464
SHA-256 | 0a1d5bf1e533e63b02c6e841cbe1f36306457fe7553ff9cafa89fb500b756835
Red Hat Security Advisory 2023-4411-01
Posted Aug 1, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4411-01 - CJose is C library implementing the Javascript Object Signing and Encryption.

tags | advisory, javascript
systems | linux, redhat
advisories | CVE-2023-37464
SHA-256 | dccddcd552f7680d2e72aefb3cffd84471aa6a23a83e150e4d8ca50f00633b60
Red Hat Security Advisory 2023-4410-01
Posted Aug 1, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4410-01 - The mod_auth_openidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2023-37464
SHA-256 | 962a03700cdaf2b77f70083e13671a7f51883c7dd8caf31e5fcb70c908ba55ca
Red Hat Security Advisory 2023-4409-01
Posted Aug 1, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4409-01 - The mod_auth_openidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2023-37464
SHA-256 | 40ffbac1f3fe480270dd9f44f9d7529da5cc4f57c4e56941745de21f93adbf30
Red Hat Security Advisory 2023-4408-01
Posted Aug 1, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4408-01 - The mod_auth_openidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2023-37464
SHA-256 | 1efff2ead8b420c3c676224349d5410ab7d79630c905f83d260e8b9095357348
Page 1 of 1
Back1Next

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    28 Files
  • 16
    Jul 16th
    6 Files
  • 17
    Jul 17th
    34 Files
  • 18
    Jul 18th
    6 Files
  • 19
    Jul 19th
    34 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close