CVE-2016-9123:
Integer Overflow in go-jose

CVSS Score (3.0): 7.5

Basic Information

EPSS Score: 0.50565%
Published: 6/23/2021
Updated: 2/16/2023
KEV Status: No
Technology: Go

Technical Details

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Package Name: github.com/square/go-jose
Ecosystem: go
Vulnerable Versions: < 1.0.5
First Patched Version: 1.0.5

Vulnerability Intelligence
Miggo AI Root Cause Analysis

The vulnerability stemmed from 32-bit integer overflows in buffer size calculations during CBC-HMAC operations. The commit `789a4c4` shows critical changes replacing `int` with `uint64` in: 1) `Seal`'s ciphertext allocation, 2) `Open`'s output buffer sizing, 3) `computeAuthTag()`'s buffer construction, and 4) the `resize` helper. These functions directly handled length calculations using 32-bit integers that could wrap around, enabling attackers to craft ciphertexts that bypass authentication checks. The Go vulnerability report (GO-2020-0009) explicitly lists the `cbcAEAD` methods as affected symbols, and the patch's focus on `uint64` conversions confirms these were the vulnerable points.
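The wraparound described above, as an added example that is not go-jose's code or its patch: the same sum of lengths is computed in a 32-bit signed integer and in `uint64`, next to a checked variant that refuses sizes a 32-bit `int` cannot represent. The function names, the use of `int32` to stand in for a 32-bit-wide `int`, and the sample lengths are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"math"
)

// sizeAsInt32 sums lengths in a 32-bit signed integer (assumption: int32
// stands in for Go's `int` on a 32-bit platform). Overflow wraps silently.
func sizeAsInt32(lengths ...int64) int32 {
	var total int32
	for _, n := range lengths {
		total += int32(n)
	}
	return total
}

// sizeAsUint64 performs the same sum in uint64, the type the page says the
// patch switched to.
func sizeAsUint64(lengths ...int64) uint64 {
	var total uint64
	for _, n := range lengths {
		total += uint64(n)
	}
	return total
}

var errTooLarge = errors.New("combined length exceeds limit")

// checkedSize is a hypothetical helper: it rejects negative lengths and any
// running total above limit instead of letting the arithmetic wrap.
func checkedSize(limit uint64, lengths ...int64) (uint64, error) {
	var total uint64
	for _, n := range lengths {
		if n < 0 || uint64(n) > limit-total {
			return 0, errTooLarge
		}
		total += uint64(n)
	}
	return total, nil
}

func main() {
	// Constructed component lengths whose true sum exceeds math.MaxInt32.
	in := []int64{math.MaxInt32, 16, 8}
	fmt.Println("32-bit sum:", sizeAsInt32(in...)) // wrapped, negative
	fmt.Println("64-bit sum:", sizeAsUint64(in...))
	_, err := checkedSize(math.MaxInt32, in...)
	fmt.Println("checked:", err)
}
```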
