From 0535c19b40e6bfa0a4ae1a541d983ffaf320f93d Mon Sep 17 00:00:00 2001
From: Daisuke Maki
Date: Sun, 3 Dec 2023 16:01:38 +0900
Subject: [PATCH 1/2] Fix p2c handling
---
 jwe/message.go | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/jwe/message.go b/jwe/message.go
index 6609a6924..9559877e3 100644
--- a/jwe/message.go
+++ b/jwe/message.go
@@ -612,6 +612,11 @@ func doDecryptCtx(dctx *decryptCtx) ([]byte, error) {
 if !ok {
 return nil, errors.Errorf("unexpected type for 'p2c': %T", count)
 }
+ // in v1, this number is hardcoded to 10000. Use v2 if you need to
+ // finetune this value
+ if countFlt > 10000 {
+ return nil, errors.Errorf("invalid value for 'p2c'")
+ }
 salt, err := base64.DecodeString(saltB64Str)
 if err != nil {
 return nil, errors.Wrap(err, "failed to b64-decode 'salt'")
From fa436a359b777f65738aee988802ec34b863dc4b Mon Sep 17 00:00:00 2001
From: Daisuke Maki
Date: Sun, 3 Dec 2023 16:04:12 +0900
Subject: [PATCH 2/2] Update Changes
---
 Changes | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/Changes b/Changes
index 14c01d5ee..0f06ccb2b 100644
--- a/Changes
+++ b/Changes
@@ -2,7 +2,13 @@ Changes
 =======
 v1.2.27 - UNRELEASED
-[Buf xies]
+[Security]
+ * [jwe] A large number in p2c parameter for PBKDF2 based encryptions could cause a DoS attack,
+ similar to https://nvd.nist.gov/vuln/detail/CVE-2022-36083. All users should upgrade, as
+ unlike v2, v1 attempts to decrypt JWEs on JWTs by default.
+ [GHSA-7f9x-gw85-8grf]
+
+[Bug xies]
 * [jwk] jwk.Set(jwk.KeyOpsKey, ) now works (previously, either Set(.., ) or Set(..., []jwk.KeyOperation{...}) worked, but not a single jwk.KeyOperation
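Review bot: In the jwe/message.go hunk the new guard `if countFlt > 10000 {` bounds 'p2c' only from above, so a zero or negative count taken from the not-yet-verified JWE header still passes it. RFC 7518 defines p2c as a positive integer, so the same check could reject those values as well, e.g. `if countFlt < 1 || countFlt > 10000 {`. The rest of doDecryptCtx, including how countFlt is converted and handed to the key derivation, lies outside the hunk, so the effect of such values is not visible here. The added comment also reads as if the count were fixed rather than capped; something like `// v1 caps 'p2c' at 10000 to bound PBKDF2 work on untrusted input; use v2 to tune the limit` states what the check is for, and naming the limit in the error text would help callers diagnose rejected tokens.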