CVE-2022-38493

Rhonabwy 0.9.99 through 1.1.x before 1.1.7 doesn't check the RSA private key length before RSA-OAEP decryption. This allows attackers to cause a Denial of Service via a crafted JWE (JSON Web Encryption) token.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:rhonabwy_project:rhonabwy:*:*:*:*:*:*:*:*

Information

Published : 2022-08-20 13:15

Updated : 2022-08-23 11:51


NVD link : CVE-2022-38493

Mitre link : CVE-2022-38493


JSON object : View

CWE
CWE-347

Improper Verification of Cryptographic Signature

Advertisement

dedicated server usa

Products Affected

rhonabwy_project

  • rhonabwy