pbes2 p2c
About this tag
The tag pbes2 p2c covers discussions around the PBES2 key management algorithm and its p2c (iteration count) parameter in JSON Web Encryption (JWE). Content on WindowsForum.com focuses on CVE-2023-50966, a security vulnerability in the erlang-jose library where an attacker can supply a maliciously large p2c value to cause excessive CPU consumption during JWE decryption, leading to a denial-of-service condition. The vulnerability affects versions through 1.11.6 and is fixed in 1.11.7. Microsoft has acknowledged that Azure Linux includes the affected library and is monitoring the impact on other products. The tag is relevant for developers and IT professionals working with JOSE implementations, particularly in Erlang/Elixir environments, and those tracking security advisories from Microsoft.
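A pre-decryption guard for the condition described above, as an added example (not erlang-jose's code and not its 1.11.7 fix): it reads the protected header of a compact-serialization JWE and refuses a PBES2 token whose p2c exceeds a local ceiling before any PBKDF2 work starts. The `MAX_P2C` value, the `RejectedJWE` class and the function names are assumptions for illustration, and the sample tokens are constructed.

```python
import base64
import json

# Assumed local policy ceiling; not a value taken from the advisory.
MAX_P2C = 1_000_000

class RejectedJWE(ValueError):
    """Raised when a token is refused before any key derivation runs."""

def b64url_decode(segment: str) -> bytes:
    # JOSE strips base64url padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def check_pbes2_header(compact_jwe: str, max_p2c: int = MAX_P2C) -> dict:
    """Return the protected header, or raise RejectedJWE for an unsafe p2c."""
    parts = compact_jwe.split(".")
    if len(parts) != 5:
        raise RejectedJWE("not a compact JWE (expected 5 segments)")
    try:
        header = json.loads(b64url_decode(parts[0]))
    except ValueError as exc:  # bad base64, bad UTF-8, bad JSON, oversized int
        raise RejectedJWE("unreadable protected header") from exc
    if not isinstance(header, dict):
        raise RejectedJWE("protected header is not a JSON object")
    alg = header.get("alg")
    if isinstance(alg, str) and alg.startswith("PBES2-"):
        p2c = header.get("p2c")
        # type() check: rejects floats such as 1e9 and JSON booleans.
        if type(p2c) is not int or p2c < 1:
            raise RejectedJWE("p2c missing or not a positive integer")
        if p2c > max_p2c:
            raise RejectedJWE(f"p2c {p2c} exceeds limit {max_p2c}")
    return header

def constructed_jwe(header: dict) -> str:
    """Constructed sample: real header segment, dummy remaining segments."""
    raw = json.dumps(header).encode()
    head = base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([head, "AAAA", "AAAA", "AAAA", "AAAA"])

if __name__ == "__main__":
    base = {"alg": "PBES2-HS256+A128KW", "enc": "A128GCM", "p2s": "c2FsdA"}
    for count in (4096, 2_000_000_000):
        try:
            check_pbes2_header(constructed_jwe({**base, "p2c": count}))
            print(count, "accepted")
        except RejectedJWE as err:
            print(count, "rejected:", err)
```

The check covers compact serialization only, where the protected header is the sole header; a JSON-serialization JWE can also carry header parameters in its unprotected and per-recipient headers, which would need the same limit.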
The erlang-jose library (JOSE for Erlang and Elixir) was assigned CVE-2023-50966 after researchers discovered that maliciously large PBES2 iteration counts (the JOSE header field known as p2c) can be abused to cause excessive CPU consumption during JWE decryption—an attacker-controlled...