The jose2go component prior to 1.6.0 for Go allows malicious users to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value.