GHSA-2c7c-3mj9-8fqh: Decryption of malicious PBES2 JWE objects can consume unbounded system resources

CVSS Score: N/A

Basic Information

CVE ID: -
EPSS Score: -
Published: 11/21/2023
Updated: 2/27/2024
KEV Status: No
Technology: Go

Technical Details

CVSS Vector: -

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
| --- | --- | --- | --- |
| github.com/go-jose/go-jose/v3 | go | < 3.0.1 | 3.0.1 |
| github.com/square/go-jose | go | < 2.6.2 | 2.6.2 |

Vulnerability Intelligence
Root Cause Analysis

The analysis focused on the code modifications in the provided commit information. Both commits (65351c27657d58960c2e6c9fbb2b00f818e50568 for go-jose/v3 and a3d307244c3bc50b25a71aa0688764c32ec419c7 for go-jose/v2) apply the same fix to the decryptKey method of the symmetricKeyCipher type in symmetric.go. This method handles key decryption using PBES2, where the p2c (iteration count) parameter is critical. The vulnerability stemmed from the lack of an upper-bound check on the p2c value, which an attacker could maliciously inflate. The patch introduces this check.

The commit messages and the vulnerability description name the higher-level API functions JSONWebEncryption.Decrypt and JSONWebEncryption.DecryptMulti as affected, since they are the entry points for decryption, but the core logical flaw and the fix reside within (*symmetricKeyCipher).decryptKey. That function is therefore identified as the vulnerable function directly addressed by the patches: it processes the malicious input (p2c), it contained the vulnerability (the missing check), and it would appear in a runtime profile during exploitation.
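As an added illustration (not code from go-jose or from the patch commits), the following Go pre-check reads p2c from the protected header of a compact JWE and refuses out-of-range counts before any key derivation runs. The function names, the constructed sample tokens and the limit of 100000 are assumptions made for this example, and it covers only the compact serialization.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// maxP2C is an assumed deployment limit for this example, not the patch's value.
const maxP2C = 100000

// checkPBES2Count rejects a compact JWE whose PBES2 header has a missing,
// non-positive or over-limit p2c (PBKDF2 iteration count). No crypto is run.
func checkPBES2Count(compact string, limit int64) error {
	parts := strings.Split(compact, ".")
	if len(parts) != 5 {
		return errors.New("not a compact JWE: expected 5 segments")
	}
	raw, err := base64.RawURLEncoding.DecodeString(parts[0])
	if err != nil {
		return fmt.Errorf("protected header: %w", err)
	}
	var hdr struct {
		Alg string `json:"alg"`
		P2C *int64 `json:"p2c"`
	}
	// Non-integer or out-of-range JSON numbers fail here and are rejected too.
	if err := json.Unmarshal(raw, &hdr); err != nil {
		return fmt.Errorf("protected header: %w", err)
	}
	if !strings.HasPrefix(hdr.Alg, "PBES2-") {
		return nil // p2c only applies to the PBES2 algorithms
	}
	if hdr.P2C == nil || *hdr.P2C <= 0 || *hdr.P2C > limit {
		return fmt.Errorf("p2c missing or outside 1..%d", limit)
	}
	return nil
}

// sampleJWE builds a constructed compact JWE with dummy trailing segments.
func sampleJWE(header string) string {
	return base64.RawURLEncoding.EncodeToString([]byte(header)) + ".a.b.c.d"
}

func main() {
	fmt.Println(checkPBES2Count(sampleJWE(`{"alg":"PBES2-HS256+A128KW","p2c":2000000000}`), maxP2C))
}
```

A check like this complements upgrading to the patched versions listed above; it does not replace it, because the JSON serializations can carry header parameters outside the protected header.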

WAF Protection Rules

WAF Rule

The go-jose package is subject to a "billion hashes attack" causing denial-of-service when decrypting JWE inputs. This occurs when an attacker can provide a PBES2 encrypted JWE blob with a very large p2c value that, when decrypted, produces a denial-
