CVE-2023-50967

latchset jose through version 11 allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/P3ngu1nW/CVE_Request/blob/main/latch-jose.md	Exploit Third Party Advisory
https://github.com/latchset/jose	Product
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CIFPQUCLNWEAHYYJWCQD3AZPWYIV6YT3/	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OOBFVMOAV732C7PY74AHJ62ZNKT3ISZ6/	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W7EGLOAFN2PWZ75ZRLTUDUZCIPH2VFZU/	Mailing List Third Party Advisory
https://github.com/P3ngu1nW/CVE_Request/blob/main/latch-jose.md	Exploit Third Party Advisory
https://github.com/latchset/jose	Product
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CIFPQUCLNWEAHYYJWCQD3AZPWYIV6YT3/	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OOBFVMOAV732C7PY74AHJ62ZNKT3ISZ6/	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W7EGLOAFN2PWZ75ZRLTUDUZCIPH2VFZU/	Mailing List Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:latchset:jose:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:o:fedoraproject:fedora:38:::::::*
	cpe:2.3:o:fedoraproject:fedora:39:::::::*
	cpe:2.3:o:fedoraproject:fedora:40:::::::*

History

17 Jun 2025, 13:12

Type	Values Removed	Values Added
First Time		Latchset Fedoraproject Fedoraproject fedora Latchset jose
CPE		cpe:2.3:o:fedoraproject:fedora:39:::::::* cpe:2.3:o:fedoraproject:fedora:40:::::::* cpe:2.3:o:fedoraproject:fedora:38:::::::* cpe:2.3:a:latchset:jose::::::::
References	~~() https://github.com/P3ngu1nW/CVE_Request/blob/main/latch-jose.md -~~	() https://github.com/P3ngu1nW/CVE_Request/blob/main/latch-jose.md - Exploit, Third Party Advisory
References	~~() https://github.com/latchset/jose -~~	() https://github.com/latchset/jose - Product
References	~~() https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CIFPQUCLNWEAHYYJWCQD3AZPWYIV6YT3/ -~~	() https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CIFPQUCLNWEAHYYJWCQD3AZPWYIV6YT3/ - Mailing List, Third Party Advisory
References	~~() https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OOBFVMOAV732C7PY74AHJ62ZNKT3ISZ6/ -~~	() https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OOBFVMOAV732C7PY74AHJ62ZNKT3ISZ6/ - Mailing List, Third Party Advisory
References	~~() https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W7EGLOAFN2PWZ75ZRLTUDUZCIPH2VFZU/ -~~	() https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W7EGLOAFN2PWZ75ZRLTUDUZCIPH2VFZU/ - Mailing List, Third Party Advisory

21 Nov 2024, 08:37

Type	Values Removed	Values Added
References	~~() https://github.com/P3ngu1nW/CVE_Request/blob/main/latch-jose.md -~~	() https://github.com/P3ngu1nW/CVE_Request/blob/main/latch-jose.md -
References	~~() https://github.com/latchset/jose -~~	() https://github.com/latchset/jose -
References	~~() https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CIFPQUCLNWEAHYYJWCQD3AZPWYIV6YT3/ -~~	() https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CIFPQUCLNWEAHYYJWCQD3AZPWYIV6YT3/ -
References	~~() https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OOBFVMOAV732C7PY74AHJ62ZNKT3ISZ6/ -~~	() https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OOBFVMOAV732C7PY74AHJ62ZNKT3ISZ6/ -
References	~~() https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W7EGLOAFN2PWZ75ZRLTUDUZCIPH2VFZU/ -~~	() https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W7EGLOAFN2PWZ75ZRLTUDUZCIPH2VFZU/ -

27 Aug 2024, 21:35

Type	Values Removed	Values Added
CWE		CWE-400
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.5

19 Apr 2024, 23:15

Type	Values Removed	Values Added
Summary		(es) Latchset jose hasta la versión 11 permite a los atacantes provocar una denegación de servicio (consumo de CPU) a través de un valor grande de p2c (también conocido como PBES2 Count).
References		() https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W7EGLOAFN2PWZ75ZRLTUDUZCIPH2VFZU/ -

19 Apr 2024, 04:15

Type	Values Removed	Values Added
References		() https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CIFPQUCLNWEAHYYJWCQD3AZPWYIV6YT3/ -

19 Apr 2024, 02:15

Type	Values Removed	Values Added
References		() https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OOBFVMOAV732C7PY74AHJ62ZNKT3ISZ6/ -

20 Mar 2024, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-03-20 16:15

Updated : 2025-06-17 13:12

NVD link : CVE-2023-50967

Mitre link : CVE-2023-50967

CVE.ORG link : CVE-2023-50967

JSON object : View

Products Affected

latchset

jose

fedoraproject

fedora

CWE

CWE-400

Uncontrolled Resource Consumption

7.5 /10