Date: Wed, 02 Nov 2016 16:58:53 -0700
From: Cedric Staub <>
Subject: CVE request: multiple issues in go-jose package


I'd like to request CVE numbers for three issues in go-jose.

1. Invalid curve attack for ECDH-ES algorithm

When deriving a shared key using ECDH-ES for an encrypted message, go-jose
neglected to check that the received public key on a message is on the
same curve as the static private key of the receiver, thus making it
vulnerable to an invalid curve attack.

Upstream patch:

2. Exploiting multiple signatures

The go-jose library supports messages with multiple signatures. However,
when validating a signed message the API did not indicate which
signature was valid, which could potentially lead to confusion. For
example, users of the library might mistakenly read protected header
values from an attached signature that was different from the one
originally validated.

Upstream patch:

3. CBC-HMAC integer overflow on 32-bit architectures

An integer overflow could lead to authentication bypass for CBC-HMAC
encrypted ciphertexts on 32-bit architectures.

Upstream patch:

All of the above issues were reported by Quan Nguyen from Google's
Information Security Engineering Team.
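The check that issue 1 describes, as an added illustration that is not go-jose's code: before an ECDH-ES recipient combines the ephemeral public key from the message header with its static private key, it verifies that the received coordinates really are a point on its own curve. The example uses the standard library's crypto/elliptic (whose point arithmetic has since been deprecated in favour of crypto/ecdh); the function names ValidatePeerPoint, DeriveSharedX and AgreeBothWays, the off-curve sample point, and the omission of the Concat KDF that ECDH-ES applies to Z are all choices made for this example.

```go
package main

import (
	"bytes"
	"crypto/elliptic"
	"crypto/rand"
	"errors"
	"fmt"
	"math/big"
)

// errInvalidPoint is returned when a peer's public key fails validation.
var errInvalidPoint = errors.New("peer public key is not a valid point on the expected curve")

// ValidatePeerPoint checks that (x, y) is an affine point on curve. This is
// the check an ECDH-ES recipient must apply to the ephemeral public key from
// the message header before using it with its own static private key.
func ValidatePeerPoint(curve elliptic.Curve, x, y *big.Int) error {
	if x == nil || y == nil {
		return errInvalidPoint
	}
	p := curve.Params().P
	// Coordinates must lie in [0, P). Older IsOnCurve implementations reduce
	// mod P, so the range is checked explicitly rather than relied upon.
	if x.Sign() < 0 || y.Sign() < 0 || x.Cmp(p) >= 0 || y.Cmp(p) >= 0 {
		return errInvalidPoint
	}
	// IsOnCurve evaluates the curve equation (and rejects (0, 0), the
	// conventional encoding of the point at infinity).
	if !curve.IsOnCurve(x, y) {
		return errInvalidPoint
	}
	return nil
}

// DeriveSharedX validates the peer point and then returns the x-coordinate of
// priv * peer, left-padded to the field size. In ECDH-ES this value is Z, the
// input to the Concat KDF (RFC 7518 section 4.6), which is omitted here.
func DeriveSharedX(curve elliptic.Curve, priv []byte, peerX, peerY *big.Int) ([]byte, error) {
	if err := ValidatePeerPoint(curve, peerX, peerY); err != nil {
		return nil, err
	}
	x, _ := curve.ScalarMult(peerX, peerY, priv)
	size := (curve.Params().BitSize + 7) / 8
	out := make([]byte, size)
	x.FillBytes(out)
	return out, nil
}

// AgreeBothWays generates two key pairs and checks that each side derives the
// same Z from the other's public key.
func AgreeBothWays(curve elliptic.Curve) (bool, error) {
	aPriv, aX, aY, err := elliptic.GenerateKey(curve, rand.Reader)
	if err != nil {
		return false, err
	}
	bPriv, bX, bY, err := elliptic.GenerateKey(curve, rand.Reader)
	if err != nil {
		return false, err
	}
	zA, err := DeriveSharedX(curve, aPriv, bX, bY)
	if err != nil {
		return false, err
	}
	zB, err := DeriveSharedX(curve, bPriv, aX, aY)
	if err != nil {
		return false, err
	}
	return bytes.Equal(zA, zB), nil
}

func main() {
	curve := elliptic.P256()
	gx, gy := curve.Params().Gx, curve.Params().Gy
	// Constructed off-curve sample: the base point's x with y+1. For this x
	// only Gy and P-Gy satisfy the curve equation, so this pair cannot.
	bad := new(big.Int).Add(gy, big.NewInt(1))
	fmt.Println("valid point accepted:", ValidatePeerPoint(curve, gx, gy) == nil)
	fmt.Println("off-curve point rejected:", ValidatePeerPoint(curve, gx, bad) != nil)
	ok, err := AgreeBothWays(curve)
	fmt.Println("both sides agree on Z:", ok, err)
}
```

Because the validation runs before ScalarMult, a forged (x, y) never reaches the scalar multiplication, which is the step an invalid curve attack abuses to leak bits of the static private key. In current Go the same guarantee is obtained by parsing the peer key with crypto/ecdh's NewPublicKey, which returns an error for points that are not on the curve.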
