CVE-2023-37464

2023-07-1400:00:00

ubuntu.com

openidc/cjose

aes gcm

decryption

tag length

vulnerability

upgrade

encryption algorithm

aes cbc

unix

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

EPSS

0.003

Percentile

65.9%

JSON

OpenIDC/cjose is a C library implementing the Javascript Object Signing and
Encryption (JOSE). The AES GCM decryption routine incorrectly uses the Tag
length from the actual Authentication Tag provided in the JWE. The spec
says that a fixed length of 16 octets must be applied. Therefore this bug
allows an attacker to provide a truncated Authentication Tag and to modify
the JWE accordingly. Users should upgrade to a version >= 0.6.2.2. Users
unable to upgrade should avoid using AES GCM encryption and replace it with
another encryption algorithm (e.g. AES CBC).

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchcjose< 0.6.0+dfsg1-1ubuntu0.1~esm1UNKNOWN
ubuntu20.04noarchcjose< 0.6.1+dfsg1-1ubuntu0.1UNKNOWN
ubuntu22.04noarchcjose< 0.6.1+dfsg1-3ubuntu1.1UNKNOWN
ubuntu23.04noarchcjose< 0.6.2.1-1ubuntu0.1UNKNOWN
ubuntu24.04noarchcjose< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	cjose	< 0.6.0+dfsg1-1ubuntu0.1~esm1	UNKNOWN
ubuntu	20.04	noarch	cjose	< 0.6.1+dfsg1-1ubuntu0.1	UNKNOWN
ubuntu	22.04	noarch	cjose	< 0.6.1+dfsg1-3ubuntu1.1	UNKNOWN
ubuntu	23.04	noarch	cjose	< 0.6.2.1-1ubuntu0.1	UNKNOWN
ubuntu	24.04	noarch	cjose	< any	UNKNOWN