cve 2023 50966
About this tag
CVE-2023-50966 is a security vulnerability in the erlang-jose library (JOSE for Erlang and Elixir) that allows attackers to cause excessive CPU consumption during JWE decryption by supplying maliciously large PBES2 iteration counts (the p2c header field). The flaw affects versions through 1.11.6 and was fixed in version 1.11.7. Microsoft has acknowledged that Azure Linux includes this library and is potentially affected, with plans to update CVE/VEX mappings if additional Microsoft products are identified. Discussions on WindowsForum cover the risk, the fix, and the broader implications for systems using erlang-jose, particularly in enterprise environments where denial-of-service attacks could impact availability.
The erlang-jose library (JOSE for Erlang and Elixir) was assigned CVE-2023-50966 after researchers discovered that maliciously large PBES2 iteration counts (the JOSE header field known as p2c) can be abused to cause excessive CPU consumption during JWE decryption—an attacker-controlled...