Primary

Context

Golang OAuth2 Library JWS Token Parsing Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in the Golang OAuth2 library, specifically in the JWS (JSON Web Signature) component, prior to version 0.27.0. The issue arises when an attacker passes a maliciously crafted token, leading to unexpected memory consumption during the token parsing process.

Impact

Exploitation of this vulnerability causes excessive memory usage, which can lead to a denial-of-service condition by causing the application to become unresponsive or to crash.

Remediation

Users can upgrade to Golang OAuth2 library version 0.27.0 or later to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

8.1

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

8.1

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Golang OAuth2 Library JWS Token Parsing Denial-of-Service Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating