Import Source
https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-39857.json
JSON Data
https://api.test.osv.dev/v1/vulns/AZL-39857
Upstream
Published
2024-03-19T15:15:07Z
Modified
2026-04-01T05:13:30.158445Z
Summary
CVE-2023-50966 affecting package rabbitmq-server for versions less than 3.11.24-2
Details

erlang-jose (aka JOSE for Erlang and Elixir) through 1.11.6 allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value in a JOSE header.

References

Affected packages

Azure Linux:2 / rabbitmq-server

Package

Name
rabbitmq-server
Purl
pkg:rpm/azure-linux/rabbitmq-server

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.11.24-2

Database specific

source
"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-39857.json"