Name | CVE-2023-31582 |
Description | jose4j before v0.9.3 allows attackers to set a low iteration count of 1000 or less. |
Source | CVE (at NVD) |
Debian Bugs | 1054872 |
Vulnerable and fixed packages
The table below lists information on source packages.
The information below is based on the following data on fixed versions.
Notes
https://bitbucket.org/b_c/jose4j/issues/203/insecure-support-of-setting-pbe-less-then
Fixed by: https://bitbucket.org/b_c/jose4j/commits/1929fe3 (jose4j/0.9.3)