Impact
Rhonabwy before v1.1.5 was discovered to contain a buffer overflow via the component r_jwe_aesgcm_key_unwrap. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted JWE token.
Patches
Release 1.1.6 fixes the issue.
Workarounds
Verify the lengths of the header iv and of the encrypted key before running a key decryption.
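One way to apply this workaround in front of the library, shown as an added example that is not Rhonabwy code. The advisory gives no numeric limits, so the sizes enforced here are an assumption taken from RFC 7518 (12-byte iv, 16-byte tag, encrypted key equal to the CEK size for enc); the function names are hypothetical.

```python
import base64
import json

# CEK sizes in bytes per "enc" value (RFC 7518, section 5).
CEK_BYTES = {"A128GCM": 16, "A192GCM": 24, "A256GCM": 32,
             "A128CBC-HS256": 32, "A192CBC-HS384": 48, "A256CBC-HS512": 64}
GCMKW_ALGS = {"A128GCMKW", "A192GCMKW", "A256GCMKW"}
IV_BYTES, TAG_BYTES = 12, 16  # RFC 7518, sections 4.7.1.1 and 4.7.1.2

def b64url_decode(text):
    """Strict unpadded base64url decode; raises ValueError on anything else."""
    if not isinstance(text, str) or len(text) % 4 == 1:
        raise ValueError("not an unpadded base64url string")
    if not all(c.isascii() and (c.isalnum() or c in "-_") for c in text):
        raise ValueError("character outside the base64url alphabet")
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def precheck_gcmkw(token):
    """Return (ok, reason) for a compact JWE before any key unwrap is attempted."""
    parts = token.split(".")
    if len(parts) != 5:
        return False, "compact JWE must have five parts"
    try:
        header = json.loads(b64url_decode(parts[0]))
        if not isinstance(header, dict):
            return False, "protected header is not a JSON object"
        if header.get("alg") not in GCMKW_ALGS:
            return True, "alg is not AES-GCM key wrap, check does not apply"
        iv = b64url_decode(header.get("iv"))
        tag = b64url_decode(header.get("tag"))
        encrypted_key = b64url_decode(parts[1])
        expected = CEK_BYTES.get(header.get("enc"))
    except (ValueError, TypeError) as exc:
        return False, f"malformed token: {exc}"
    if len(iv) != IV_BYTES or len(tag) != TAG_BYTES:
        return False, "iv must be 12 bytes and tag 16 bytes"
    if expected is None or len(encrypted_key) != expected:
        return False, "encrypted key length does not match enc"
    return True, "ok"

def sample_token(iv_len, key_len):
    """Constructed sample: zero-filled fields, not a decryptable token."""
    header = {"alg": "A256GCMKW", "enc": "A256GCM",
              "iv": b64url_encode(bytes(iv_len)), "tag": b64url_encode(bytes(16))}
    body = [json.dumps(header).encode(), bytes(key_len), bytes(12), b"ct", bytes(16)]
    return ".".join(b64url_encode(p) for p in body)
```

Tokens for which precheck_gcmkw returns False are dropped before they reach the JWE parser; upgrading to the fixed release remains the actual remedy.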
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32096