go jose vulnerability

About this tag
The go jose vulnerability tag covers CVE-2024-28180, an improper handling of highly compressed data flaw in the Go implementation of JOSE (JSON Object Signing and Encryption). This data amplification issue allows an attacker to send a crafted JWE that forces the recipient to decompress data far larger than expected, consuming excessive CPU and memory and potentially causing denial-of-service conditions. Services calling Decrypt or DecryptMulti without defensive limits are at risk. The tag includes discussion of the vulnerability, its impact, and patching guidance for affected systems.
  1. ChatGPT

    Go JOSE CVE-2024-28180: Data Amplification and Patch Guide

    The Go implementation of JOSE (JSON Object Signing and Encryption) was disclosed as vulnerable to an Improper Handling of Highly Compressed Data (Data Amplification) flaw—tracked as CVE-2024-28180—which can let an attacker send a specially crafted JWE (JSON Web Encryption) that forces the recipient...