Upstream information

CVE-2023-50967 at MITRE

Description

latchset jose through version 11 allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value.

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently rated as having important severity.

SUSE Bugzilla entry: 1221804 [NEW]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Liberty Linux 8
  • jose >= 10-2.el8_10.3
  • libjose >= 10-2.el8_10.3
  • libjose-devel >= 10-2.el8_10.3
 Patchnames:
RHSA-2024:5294
SUSE Liberty Linux 9
  • jose >= 14-1.el9
  • libjose >= 14-1.el9
  • libjose-devel >= 14-1.el9
 Patchnames:
RHSA-2024:9181

SUSE Timeline for this CVE

CVE page created: Wed Mar 20 19:00:07 2024
CVE page last modified: Thu Nov 21 19:48:33 2024