VDB
KO
HIGH 7.5

GHSA-3fx4-7f69-5mmg

Integer Overflow in go-jose

Details

go-jose before 1.0.5 suffers from a CBC-HMAC integer overflow on 32-bit architectures. An integer overflow could lead to authentication bypass for CBC-HMAC encrypted ciphertexts on 32-bit architectures.

Are you affected?

Enter the version of the package you're using.

Affected packages

Go / github.com/square/go-jose
Introduced in: 0 Fixed in: 0.0.0-20160903044734-789a4c4bd4c1
Fix go get github.com/square/go-jose@v0.0.0-20160903044734-789a4c4bd4c1

References