CVE-2023-52428

In Connect2id Nimbus JOSE+JWT before 9.37.2, an attacker can cause a denial of service (resource consumption) via a large JWE p2c header value (aka iteration count) for the PasswordBasedDecrypter (PBKDF2) component.
Configurations

Configuration 1 (hide)

cpe:2.3:a:connect2id:nimbus_jose\+jwt:*:*:*:*:*:*:*:*

History

30 Oct 2024, 20:35

Type Values Removed Values Added
CWE CWE-770

16 Oct 2024, 20:01

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5
CPE cpe:2.3:a:connect2id:nimbus_jose\+jwt:*:*:*:*:*:*:*:*
CWE NVD-CWE-noinfo
References () https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/3b3b77e - () https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/3b3b77e - Patch
References () https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/526/ - () https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/526/ - Issue Tracking
References () https://connect2id.com/products/nimbus-jose-jwt - () https://connect2id.com/products/nimbus-jose-jwt - Product
First Time Connect2id
Connect2id nimbus Jose\+jwt

11 Feb 2024, 05:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-02-11 05:15

Updated : 2024-10-30 20:35


NVD link : CVE-2023-52428

Mitre link : CVE-2023-52428

CVE.ORG link : CVE-2023-52428


JSON object : View

Products Affected

connect2id

  • nimbus_jose\+jwt
CWE
NVD-CWE-noinfo CWE-770

Allocation of Resources Without Limits or Throttling