VDB

GCVE-110-MAGEIA-2023-350

GCVE-110-MAGEIA-2023-350
Advisory Published
Vulnetix · Advisory published December 18, 2023
The updated packages fix a security vulnerability: The AES GCM decryption routine incorrectly uses the Tag length from the actual Authentication Tag provided in the JWE. The spec says that a fixed length of 16 octets must be applied. Therefore this bug allows an attacker to provide a truncated Authentication Tag and to modify the JWE accordingly. (CVE-2023-37464)

Affected Products

VendorProductVersionsPlatforms
Mageiacjose0 (affected), 0.6.1-1.1.mga8 (unaffected)
Mageiacjose0 (affected), 0.6.1-3.1.mga9 (unaffected)

Browse GCVE Records

72,664 records in the GCVE database · Updated July 15, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›