Rhonabwy 0.9.99 through 1.1.x before 1.1.7 doesn't check the RSA private key length before RSA-OAEP decryption. This allows attackers to cause a Denial of Service via a crafted JWE (JSON Web Encryption) token.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2022-08-20T19:41:15
Updated: 2024-08-03T10:54:03.986Z
Reserved: 2022-08-20T00:00:00
Link: CVE-2022-38493
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2022-08-20T20:15:08.613
Modified: 2023-08-08T14:22:24.967
Link: CVE-2022-38493
Redhat
No data.