Synopsis:
jose security updateSummary:
An update for jose is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3.Description:
José is a C-language implementation of the Javascript Object Signing and Encryption standards. José provides a command-line utility which encompasses most of the JOSE features. This allows for easy integration into your project and one-off scripts.
Security Fix(es):
latchset jose through version 11 allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value.(CVE-2023-50967)Topic:
An update for jose is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3.
openEuler Security has rated this update as having a security impact of low. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.Severity:
LowAffected Component:
jose
7.oe17.oe17.oe17.oe17.oe17.oe2003sp47.oe2003sp47.oe2003sp47.oe2003sp47.oe2003sp4Exploitability
AV:NAC:LPR:NUI:NScope
S:UImpact
C:NI:NA:H2.5/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H