CVE-2023-6681: DoS with algorithms that use PBKDF2 due to unbounded PBES2 Count value
(updated )
Denial of Service, Applications that allow the use of the PBKDF2 algorithm.
References
- access.redhat.com/errata/RHSA-2024:3267
- access.redhat.com/errata/RHSA-2024:9281
- access.redhat.com/security/cve/CVE-2023-6681
- bugzilla.redhat.com/show_bug.cgi?id=2260843
- github.com/advisories/GHSA-cw2r-4p82-qv79
- github.com/latchset/jwcrypto
- github.com/latchset/jwcrypto/commit/d2655d370586cb830e49acfb450f87598da60be8
- github.com/latchset/jwcrypto/security/advisories/GHSA-cw2r-4p82-qv79
- github.com/pypa/advisory-database/tree/main/vulns/jwcrypto/PYSEC-2024-104.yaml
- nvd.nist.gov/vuln/detail/CVE-2023-6681
Code Behaviors & Features
Detect and mitigate CVE-2023-6681 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →