Rhonabwy 0.9.99 through 1.1.x before 1.1.7 doesn't check the RSA private key length before RSA-OAEP decryption. This allows attackers to cause a Denial of Service via a crafted JWE (JSON Web Encryption) token.
References
Link | Resource |
---|---|
https://github.com/babelouest/rhonabwy/commit/dd528b3aabd13863f855a68e76966e4e019fc399 | Patch Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-08-20T19:41:15
Updated: 2022-08-20T19:41:15
Reserved: 2022-08-20T00:00:00
Link: CVE-2022-38493
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-08-20T20:15:08.613
Modified: 2023-08-08T14:22:24.967
Link: CVE-2022-38493
JSON object: View
Redhat Information
No data.
CWE