CVE-2023-50967

EUVD-2023-55695
latchset jose through version 11 allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 69%
Affected Products (NVD)
VendorProductVersion
latchsetjose
𝑥
≤ 11
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
jose
bookworm
11-2+deb12u1
fixed
bullseye
10-3+deb11u1
fixed
buster
postponed
sid
14-1
fixed
trixie
14-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
jose
bionic
needs-triage
focal
needs-triage
jammy
needs-triage
mantic
ignored
noble
needs-triage
oracular
needs-triage
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
jose
RHEL 8
0:10-2.el8_10.3
fixed
RHEL 9
0:14-1.el9
fixed
libjose
RHEL 8
0:10-2.el8_10.3
fixed
RHEL 9
0:14-1.el9
fixed
libjose-devel
RHEL 8
0:10-2.el8_10.3
fixed
RHEL 9
0:14-1.el9
fixed
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
jose
Amazon Linux 2
0:10-1.amzn2.0.1
fixed
jose-debuginfo
Amazon Linux 2
0:10-1.amzn2.0.1
fixed
libjose
Amazon Linux 2
0:10-1.amzn2.0.1
fixed
libjose-devel
Amazon Linux 2
0:10-1.amzn2.0.1
fixed
Azure Linux logo
Azure Linux Releases
Azure Package
Release
jose
Azure Linux 3.0
0:14-3.azl3
fixed