CVE-2016-9123

Metadata

medium
5.0
golang-gopkg-square-go-jose.v1
CVE-2016-9123
cve.mitre.org, openwall.com, github.com, hackerone.com
2017-03-27
2017-07-20 21:29
CVE-2016-9123 golang-gopkg-square-go-jose.v1
2017-06-16 19:21
2017-05-10 23:45
2017-04-14 10:19
2017-04-01 21:42
2017-03-28 21:03

Description

go-jose before 1.0.5 suffers from a CBC-HMAC integer overflow on 32-bit architectures. An integer overflow could lead to authentication bypass for CBC-HMAC encrypted ciphertexts on 32-bit architectures.

Am I vulnerable?

The constraints below list the versions in which this vulnerability is patched and the versions that are unaffected. If a patch is ready but unreleased, it is listed as pending.

Or, you can just let us figure it out for you! Appcanary continuously monitors your installed packages and tells you if any of them are vulnerable.


Affected package information

| Release | Package | Patched in |
| --- | --- | --- |
| upstream | golang-gopkg-square-go-jose.v1 | 1.0.5-1 |

Unaffected

| Release | Package | Reason |
| --- | --- | --- |
| precise | golang-gopkg-square-go-jose.v1 | DNE |
| precise/esm | golang-gopkg-square-go-jose.v1 | DNE |
| trusty | golang-gopkg-square-go-jose.v1 | DNE |
| vivid/stable-phone-overlay | golang-gopkg-square-go-jose.v1 | DNE |
| vivid/ubuntu-core | golang-gopkg-square-go-jose.v1 | DNE |
| xenial | golang-gopkg-square-go-jose.v1 | DNE |
| yakkety | golang-gopkg-square-go-jose.v1 | ignored |
| zesty | golang-gopkg-square-go-jose.v1 | not-affected |
| devel | golang-gopkg-square-go-jose.v1 | not-affected |