Search CVE reports
1 result
CVE-2023-37464
Medium prioritySome fixes available 4 of 8
OpenIDC/cjose is a C library implementing the Javascript Object Signing and Encryption (JOSE). The AES GCM decryption routine incorrectly uses the Tag length from the actual Authentication Tag provided in the JWE. The spec says...
1 affected package
cjose
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| cjose | Needs evaluation | Fixed | Fixed | Fixed | Ignored |