CVE-2023-52428

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-52428
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-52428.json
Published
2024-02-11T05:15:08Z
Modified
2024-02-12T01:16:02.233610Z
Details

In Connect2id Nimbus JOSE+JWT before 9.37.2, an attacker can cause a denial of service (resource consumption) via a large JWE p2c header value (aka iteration count) for the PasswordBasedDecrypter (PBKDF2) component.

References

Affected packages

Git / bitbucket.org/connect2id/nimbus-jose-jwt

Affected ranges

Type
GIT
Repo
https://bitbucket.org/connect2id/nimbus-jose-jwt
Events
Introduced
0The exact introduced commit is unknown
Fixed
3b3b77e

Affected versions

2.*

2.0
2.0.1
2.1
2.1.1
2.10
2.10.1
2.11.0
2.12.0
2.13.0
2.13.1
2.14.0
2.15.0
2.15.1
2.15.2
2.16
2.17
2.17.1
2.17.2
2.18
2.18.1
2.18.2
2.19
2.19.1
2.2
2.20
2.21
2.22
2.22.1
2.23
2.24
2.25
2.26
2.26.1
2.3
2.4
2.5
2.6
2.7
2.8
2.9

3.*

3.0
3.1
3.1.1
3.1.2
3.10
3.2
3.2.1
3.2.2
3.3
3.4
3.5
3.6
3.7
3.8
3.8.1
3.8.2
3.9
3.9.1
3.9.2

4.*

4.0
4.0-rc1
4.0-rc2
4.0-rc3
4.0-rc4
4.0.1
4.1
4.1.1
4.10
4.11
4.11.1
4.11.2
4.12
4.13.1
4.14
4.15
4.15.1
4.16
4.16.1
4.16.2
4.17
4.18
4.19
4.2
4.20
4.21
4.22
4.23
4.24
4.25
4.26
4.26.1
4.27
4.27.1
4.28
4.29
4.3
4.3.1
4.30
4.31.1
4.32
4.33
4.34
4.34.1
4.34.2
4.35
4.36
4.36.1
4.37
4.37.1
4.38
4.39
4.39.1
4.39.2
4.4
4.40
4.41
4.41.1
4.41.2
4.5
4.6
4.7
4.8
4.9

5.*

5.0
5.1
5.10
5.11
5.12
5.13
5.14
5.2
5.3
5.4
5.5
5.6
5.7
5.8
5.9

6.*

6.0
6.0.1
6.0.2
6.1
6.1.1
6.2
6.3
6.3.1
6.4
6.4.1
6.4.2
6.5
6.5.1
6.6
6.7
6.8

7.*

7.0
7.0.1
7.1
7.2.1
7.3
7.3.1
7.4
7.5
7.5.1
7.6
7.7
7.8
7.9

8.*

8.0
8.1
8.10
8.11
8.12
8.13
8.14
8.14.1
8.15
8.16
8.17
8.17.1
8.18
8.18.1
8.19
8.2
8.2.1
8.20
8.3
8.4
8.4.1
8.5
8.5.1
8.6
8.7
8.8
8.9

9.*

9.0
9.0.1
9.1
9.1.1
9.1.2
9.1.3
9.1.4
9.1.5
9.10
9.10.1
9.11
9.11.1
9.11.2
9.11.3
9.12
9.12.1
9.13
9.14
9.15
9.15.1
9.15.2
9.16
9.16-preview.1
9.16.1
9.17
9.18
9.19
9.2
9.20
9.21
9.21.1
9.22
9.23
9.24
9.24.1
9.24.2
9.24.3
9.24.4
9.25
9.25.1
9.25.2
9.25.3
9.25.4
9.25.5
9.25.6
9.26
9.27
9.28
9.29
9.3
9.30
9.30.1
9.30.2
9.31
9.32
9.33
9.34
9.35
9.36
9.37
9.37.1
9.4
9.4.1
9.4.2
9.5
9.6
9.6.1
9.7
9.8
9.8.1
9.9
9.9.1
9.9.2
9.9.3