CVE-2023-37464 : OpenIDC/cjose is a C library implementing the Javascript Object Signing and Encr

OpenIDC/cjose is a C library implementing the Javascript Object Signing and Encryption (JOSE). The AES GCM decryption routine incorrectly uses the Tag length from the actual Authentication Tag provided in the JWE. The spec says that a fixed length of 16 octets must be applied. Therefore this bug allows an attacker to provide a truncated Authentication Tag and to modify the JWE accordingly. Users should upgrade to a version >= 0.6.2.2. Users unable to upgrade should avoid using AES GCM encryption and replace it with another encryption algorithm (e.g. AES CBC).

Published 2023-07-14 21:15:09

Updated 2023-09-15 22:15:14

Source GitHub, Inc.

View at NVD, CVE.org

Products affected by CVE-2023-37464

Cisco » Cjose
Versions before (<) 0.6.2.2
cpe:2.3:a:cisco:cjose:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2023-37464

EPSS FAQ

0.58%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 67 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-37464

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N	3.9	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: High Availability: None
8.6	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N	3.9	4.0	GitHub, Inc.
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Changed Confidentiality: None Integrity: High Availability: None

CWE ids for CVE-2023-37464

CWE-327 Use of a Broken or Risky Cryptographic Algorithm

The product uses a broken or risky cryptographic algorithm or protocol.

Assigned by: security-advisories@github.com (Primary)

References for CVE-2023-37464

https://www.debian.org/security/2023/dsa-5472

Debian -- Security Information -- DSA-5472-1 cjose
https://lists.debian.org/debian-lts-announce/2023/08/msg00002.html

[SECURITY] [DLA 3515-1] cjose security update
https://datatracker.ietf.org/doc/html/rfc7518#section-4.7

RFC 7518 - JSON Web Algorithms (JWA)
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFWAPMYYVBO2U65HPYDTBEKNSXG4TP5C/

[SECURITY] Fedora 37 Update: cjose-0.6.2.2-2.fc37 - package-announce - Fedora Mailing-Lists
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PTZHOVGY7AHGNMEY245HK4Q36AMA53AL/

[SECURITY] Fedora 38 Update: cjose-0.6.2.2-2.fc38 - package-announce - Fedora Mailing-Lists
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LCQJXKDPCWCXB2V4JMQ3UWYJ4UIBPUW6/

[SECURITY] Fedora 39 Update: cjose-0.6.2.2-2.fc39 - package-announce - Fedora Mailing-Lists
https://github.com/OpenIDC/cjose/security/advisories/GHSA-3rhg-3gf2-6xgj

incorrect Authentication Tag length usage in AES GCM decryption · Advisory · OpenIDC/cjose · GitHub
Exploit;Patch;Vendor Advisory
https://github.com/OpenIDC/cjose/releases/tag/v0.6.2.2

Release release v0.6.2.2 · OpenIDC/cjose · GitHub
Release Notes
https://github.com/OpenIDC/cjose/commit/7325e9a5e71e2fc0e350487ecac7d84acdf0ed5e

use fixed authentication tag length of 16 octets in AES GCM decryption · OpenIDC/cjose@7325e9a · GitHub
Patch

Jump to

Vulnerability Details : CVE-2023-37464

Products affected by CVE-2023-37464

Exploit prediction scoring system (EPSS) score for CVE-2023-37464

CVSS scores for CVE-2023-37464

CWE ids for CVE-2023-37464

References for CVE-2023-37464