Fabre

#1120701 golang-github-dvsekhvalnov-jose2go: CVE-2025-63811 #1120701

Package:: src:golang-github-dvsekhvalnov-jose2go

Source:: src:golang-github-dvsekhvalnov-jose2go

Submitter:: Salvatore Bonaccorso

Date:: 2025-11-20 17:39:02 UTC

Severity:: normal

Tags:

#1120701#5

Date:: 2025-11-14 21:41:55 UTC

From:

To:

Hi,

The following vulnerability was published for golang-github-dvsekhvalnov-jose2go.

CVE-2025-63811[0]:
| An issue was discovered in dvsekhvalnov jose2go 1.5.0 thru 1.7.0
| allowing an attacker to cause a Denial-of-Service (DoS) via crafted
| JSON Web Encryption (JWE) token with an exceptionally high
| compression ratio.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-63811
https://www.cve.org/CVERecord?id=CVE-2025-63811
[1] https://github.com/dvsekhvalnov/jose2go/issues/33

Regards,
Salvatore

#1120701 golang-github-dvsekhvalnov-jose2go: CVE-2025-63811 #1120701

Just Reply to ...

Reply to submitter ...

Send control command (Silently)

Set Architecture Tags (Silently)