
CVE-2023-50966: erlang-jose vulnerable to denial of service via large p2c value

CVSS Score (v3.1): 5.3

Basic Information

EPSS Score: 0.03412%
Published: 3/19/2024
Updated: 4/10/2024
KEV Status: No
Technology: Erlang

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Package Name: jose
Ecosystem: erlang
Vulnerable Versions: < 1.11.7
First Patched Version: 1.11.7

Vulnerability Intelligence

Root Cause Analysis (Miggo AI)

The vulnerability stems from an uncontrolled PBES2 iteration count ('p2c') in JWE key derivation. The commit diff shows that the critical fix was adding a p2c maximum check in the 'pbkdf2' function. Before the patch, this function passed the attacker-controlled iteration count straight to PBKDF2, so a JWE header carrying a very large 'p2c' made the recipient burn CPU for as long as the count demanded. The functions 'key_decrypt' and 'key_encrypt' in the same file call 'pbkdf2', but the root cause is 'pbkdf2' itself, which performed no iteration validation. The patch introduces 'jose:pbes2_count_maximum()' specifically to bound this parameter inside 'pbkdf2', confirming its role as the vulnerable function.
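The following is an added example, not erlang-jose's code and not the patch itself: it shows the class of check the fix adds, written in Python against the PBES2 key derivation defined in RFC 7518. The iteration count is read from the JWE protected header, rejected when it is not an integer or falls outside a policy range, and only then handed to PBKDF2. The bounds P2C_MINIMUM and P2C_MAXIMUM are assumed policy values (the lower one follows the RFC's recommendation of at least 1000; the upper one is a constructed stand-in for what jose:pbes2_count_maximum() supplies in the patched library), and the sample headers and password are constructed for the example.

```python
import base64
import hashlib
import json

# Policy bounds. RFC 7518 section 4.8.1.2 recommends p2c >= 1000; the upper
# bound is a deployment choice, analogous to jose:pbes2_count_maximum() in the
# patched library. 10_000 is a constructed example value, not the library's.
P2C_MINIMUM = 1000
P2C_MAXIMUM = 10_000

# PBES2 algorithms from RFC 7518: PRF hash name and derived key length (bytes).
PBES2_ALGS = {
    "PBES2-HS256+A128KW": ("sha256", 16),
    "PBES2-HS384+A192KW": ("sha384", 24),
    "PBES2-HS512+A256KW": ("sha512", 32),
}


def b64url_decode(text: str) -> bytes:
    """Decode unpadded base64url, the encoding JOSE uses everywhere."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def validate_p2c(header: dict, maximum: int = P2C_MAXIMUM) -> int:
    """Return the iteration count from a JWE header, or raise ValueError.

    This is the check the vulnerable path lacked: p2c comes from untrusted
    input, so it must be bounded before PBKDF2 is allowed to run.
    """
    p2c = header.get("p2c")
    # bool is a subclass of int in Python; reject it explicitly.
    if isinstance(p2c, bool) or not isinstance(p2c, int):
        raise ValueError("p2c must be an integer")
    if p2c < P2C_MINIMUM:
        raise ValueError(f"p2c {p2c} is below the minimum {P2C_MINIMUM}")
    if p2c > maximum:
        raise ValueError(f"p2c {p2c} exceeds the maximum {maximum}")
    return p2c


def p2c_is_acceptable(header: dict, maximum: int = P2C_MAXIMUM) -> bool:
    """Boolean wrapper around validate_p2c for callers that only need a verdict."""
    try:
        validate_p2c(header, maximum)
        return True
    except ValueError:
        return False


def derive_pbes2_key(password: bytes, header: dict,
                     maximum: int = P2C_MAXIMUM) -> bytes:
    """Derive the PBES2 key-wrapping key per RFC 7518 section 4.8.1.1.

    Salt is ASCII(alg) || 0x00 || p2s. PBKDF2 only runs once p2c has passed
    validation, so an oversized count never reaches the expensive loop.
    """
    alg = header.get("alg")
    if alg not in PBES2_ALGS:
        raise ValueError(f"unsupported alg {alg!r}")
    hash_name, key_len = PBES2_ALGS[alg]
    p2s = header.get("p2s")
    if not isinstance(p2s, str):
        raise ValueError("p2s must be a base64url string")
    salt_input = b64url_decode(p2s)
    if len(salt_input) < 8:  # RFC 7518 requires at least 8 octets of p2s
        raise ValueError("p2s must be at least 8 octets")
    p2c = validate_p2c(header, maximum)
    salt = alg.encode("ascii") + b"\x00" + salt_input
    return hashlib.pbkdf2_hmac(hash_name, password, salt, p2c, key_len)


def parse_protected_header(protected_b64: str) -> dict:
    """Parse the base64url-encoded JWE protected header into a dict."""
    header = json.loads(b64url_decode(protected_b64))
    if not isinstance(header, dict):
        raise ValueError("protected header must be a JSON object")
    return header


# Constructed sample headers: one within policy, one with an oversized count
# of the kind described in the advisory.
GOOD_HEADER = {"alg": "PBES2-HS256+A128KW", "enc": "A128GCM",
               "p2s": b64url_encode(b"constructed-salt"), "p2c": 4096}
HUGE_HEADER = dict(GOOD_HEADER, p2c=2_000_000_000)
GOOD_PROTECTED = b64url_encode(json.dumps(GOOD_HEADER).encode("utf-8"))

if __name__ == "__main__":
    key = derive_pbes2_key(b"constructed-password", GOOD_HEADER)
    print("derived", len(key), "byte key with p2c", GOOD_HEADER["p2c"])
    print("oversized header accepted?", p2c_is_acceptable(HUGE_HEADER))
```

The point of ordering in derive_pbes2_key is that every cheap structural check (alg, p2s, p2c) completes before any iteration of PBKDF2 runs; a maximum that is only consulted inside the derivation loop would still let the caller pay for the work up to that point. Choose the maximum from the slowest hardware that must decrypt, since the same bound caps legitimate senders.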

WAF Protection Rules

WAF Rule

erlang-jose (aka JOSE for Erlang and Elixir) before 1.11.7 allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value in a JOSE header.
