git: 0ea5a54f7032 - main - security/vuxml: add net/jose DoS vulnerability
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Thu, 11 Apr 2024 06:27:59 UTC
The branch main has been updated by fernape:
URL: https://cgit.FreeBSD.org/ports/commit/?id=0ea5a54f7032a9c5bdb18b80ba67b2baf8ab14fa
commit 0ea5a54f7032a9c5bdb18b80ba67b2baf8ab14fa
Author: Fernando Apesteguía <fernape@FreeBSD.org>
AuthorDate: 2024-04-11 06:25:22 +0000
Commit: Fernando Apesteguía <fernape@FreeBSD.org>
CommitDate: 2024-04-11 06:27:34 +0000
security/vuxml: add net/jose DoS vulnerability
PR: 278243
---
security/vuxml/vuln/2024.xml | 29 +++++++++++++++++++++++++++++
1 file changed, 29 insertions(+)
diff --git a/security/vuxml/vuln/2024.xml b/security/vuxml/vuln/2024.xml
index c26bc550f4d3..186d50408cd0 100644
--- a/security/vuxml/vuln/2024.xml
+++ b/security/vuxml/vuln/2024.xml
@@ -1,3 +1,32 @@
+ <vuln vid="02be46c1-f7cc-11ee-aa6b-b42e991fc52e">
+ <topic>jose -- DoS vulnerability</topic>
+ <affects>
+ <package>
+ <name>jose</name>
+ <range><lt>13</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>cve@mitre.org reports:</p>
+ <blockquote cite="https://github.com/P3ngu1nW/CVE_Request/blob/main/latch-jose.md">
+ <p>
+ latchset jose through version 11 allows attackers to cause
+ a denial of service (CPU consumption) via a large p2c (aka
+ PBES2 Count) value.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2023-50967</cvename>
+ <url>https://nvd.nist.gov/vuln/detail/CVE-2023-50967</url>
+ </references>
+ <dates>
+ <discovery>2024-03-20</discovery>
+ <entry>2024-04-11</entry>
+ </dates>
+ </vuln>
+
<vuln vid="dad6294c-f7c1-11ee-bb77-001b217b3468">
<topic>Gitlab -- Patch Release: 16.10.2, 16.9.4, 16.8.6</topic>
<affects>