Security Advisory

CVE-2023-52428

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-02-11 00:00:00

Last updated 2024-10-30 19:50:55

Assigner mitre

State PUBLISHED

Description

In Connect2id Nimbus JOSE+JWT before 9.37.2, an attacker can cause a denial of service (resource consumption) via a large JWE p2c header value (aka iteration count) for the PasswordBasedDecrypter (PBKDF2) component.

← Browse all CVEs View on cve.org ↗