CVE-2016-9123

Published March 28th, 2017

View on NVD ↗

CVSS v3

N/A

CVSS v2

MEDIUM

Affected

PROJECT

Description

go-jose before 1.0.5 suffers from a CBC-HMAC integer overflow on 32-bit architectures. An integer overflow could lead to authentication bypass for CBC-HMAC encrypted ciphertexts on 32-bit architectures.

square/go-jose

An implementation of JOSE standards (JWE, JWS, JWT) in Go

GitHub

1.96K