CVE-2016-9123

Published: Mar 28, 2017

Modified: Aug 6, 2024

PUBLISHED

Description

go-jose before 1.0.5 suffers from a CBC-HMAC integer overflow on 32-bit architectures. An integer overflow could lead to authentication bypass for CBC-HMAC encrypted ciphertexts on 32-bit architectures.

Vendor	Product	Versions
n/a	Go JOSE All versions before 1.0.5	affected `Go JOSE All versions before 1.0.5`

References

https://github.com/square/go-jose/commit/789a4c4bd4c118f7564954f441b29c153ccd6a96

x_refsource_MISC

http://www.openwall.com/lists/oss-security/2016/11/03/1

x_refsource_MISC

https://hackerone.com/reports/165170

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2016-9123

Description

Affected Products

References