CVE-2023-6681 — Uncontrolled Resource Consumption in Jwcrypto

CWE-400 — Uncontrolled Resource Consumption7 documents6 sources

Severity

5.3MEDIUMNVD

EPSS

0.0%

top 91.79%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Latchset Jwcrypto Fedoraproject Fedora Redhat Enterprise Linux +3 more

Timeline

PublishedFeb 12

Description

A vulnerability was found in JWCrypto. This flaw allows an attacker to cause a denial of service (DoS) attack and possible password brute-force and dictionary attacks to be more resource-intensive. This issue can result in a large amount of computational consumption, causing a denial of service attack.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

▶NVDlatchset/jwcrypto< 1.5.1

▶PyPIlatchset/jwcrypto< 1.5.1

Also affects: Fedora 38, 39, Enterprise Linux 8.0, 9.0

🔴Vulnerability Details

OSV

CVE-2023-6681: A vulnerability was found in JWCrypto↗2024-02-12

▶

CVEList

Jwcrypto: denail of service via specifically crafted jwe↗2024-02-12

▶

OSV

DoS with algorithms that use PBKDF2 due to unbounded PBES2 Count value↗2023-12-28

▶

GHSA

DoS with algorithms that use PBKDF2 due to unbounded PBES2 Count value↗2023-12-28

▶

📋Vendor Advisories

Red Hat

JWCrypto: denail of service Via specifically crafted JWE↗2023-12-28

▶

Debian

CVE-2023-6681: python-jwcrypto - A vulnerability was found in JWCrypto. This flaw allows an attacker to cause a d...↗2023

▶