data/reports: update GO-2023-2409.yaml
Aliases: GHSA-mhpq-9638-x6pw
Updates golang/vulndb#2409
Fixes golang/vulndb#2416
Change-Id: I69f59403db2320cb9242c3e5c1295168edcd9b5d
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/551995
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Run-TryBot: Tim King <taking@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
diff --git a/data/osv/GO-2023-2409.json b/data/osv/GO-2023-2409.json
index 00f136a..27a6ec9 100644
--- a/data/osv/GO-2023-2409.json
+++ b/data/osv/GO-2023-2409.json
@@ -3,6 +3,9 @@
"id": "GO-2023-2409",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
+ "aliases": [
+ "GHSA-mhpq-9638-x6pw"
+ ],
"summary": "Denial of service when decrypting attack controlled input in github.com/dvsekhvalnov/jose2go",
"details": "An attacker controlled input of a PBES2 encrypted JWE blob can have a very large p2c value that, when decrypted, produces a denial-of-service.",
"affected": [
diff --git a/data/reports/GO-2023-2409.yaml b/data/reports/GO-2023-2409.yaml
index 6b54628..fa5b21a 100644
--- a/data/reports/GO-2023-2409.yaml
+++ b/data/reports/GO-2023-2409.yaml
@@ -21,6 +21,8 @@
description: |-
An attacker controlled input of a PBES2 encrypted JWE blob can have a very
large p2c value that, when decrypted, produces a denial-of-service.
+ghsas:
+ - GHSA-mhpq-9638-x6pw
credits:
- '@mschwager'
references:
