| Package | cjose |
|---|---|
| Version | 0.4.1-3+deb9u1 (stretch) |
| Related CVEs | CVE-2023-37464 |
It was discovered that the AES GCM decryption routine of cjose, a C library implementing the JOSE standard, incorrectly uses the tag length from the actual authentication tag provided in the JWE instead of the specified fixed length of 16 bytes.
This allows an attacker to provide a truncated Authentication Tag and to modify the JWE accordingly.
For Debian 9 stretch, these problems have been fixed in version 0.4.1-3+deb9u1.
We recommend that you upgrade your cjose packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.