Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
LibJWT has NULL/bounds validation in JWK octet and RSA PSS parsing
Vulnerability Description
LibJWT is a C JSON Web Token Library. Starting in version 3.0.0 and prior to version 3.3.0, the JWK parsing for RSA-PSS did not protect against a NULL value when expecting to parse JSON string values. A specially crafted JWK file could exploit this behavior by using integers in places where the code expected a string. This was fixed in v3.3.0. A workaround is available. Users importing keys through a JWK file should not do so from untrusted sources. Use the `jwk2key` tool to check for validity of a JWK file. Likewise, if possible, do not use JWK files with RSA-PSS keys.
CVSS Information
N/A
Vulnerability Type
空指针解引用
Vulnerability Title
libjwt 代码问题漏洞
Vulnerability Description
libjwt是Ben Collins个人开发者的一个用于生成和验证JSON Web Token的C语言库。 LibJWT 3.0.0至3.3.0之前版本存在代码问题漏洞,该漏洞源于RSA-PSS的JWK解析未防范空值,可能导致解析特制JWK文件时出现意外行为。
CVSS Information
N/A
Vulnerability Type
N/A