CVE-2023-6681 Jwcrypto: denail of service via specifically crafted jwe

🗓️ 12 Feb 2024 14:04:45Reported by redhatType

Vulnerability in JWCrypto causing denial of servic

Reporter	Title	Published	Views	Family All 64
Tenable Nessus	Amazon Linux 2 : python-jwcrypto (ALAS-2024-2506)	1 Apr 202400:00	–	nessus
Tenable Nessus	MiracleLinux 8 : idm:client (AXSA:2024-8409:01)	20 Jan 202600:00	–	nessus
Tenable Nessus	MiracleLinux 8 : idm:DL1 (AXSA:2024-8410:01)	20 Jan 202600:00	–	nessus
Tenable Nessus	MiracleLinux 9 : python-jwcrypto-1.5.6-2.el9 (AXSA:2024-9264:02)	20 Jan 202600:00	–	nessus
Tenable Nessus	Oracle Linux 8 : idm:DL1 / and / idm:client (ELSA-2024-3267)	1 Jun 202400:00	–	nessus
Tenable Nessus	Oracle Linux 9 : python-jwcrypto (ELSA-2024-9281)	19 Nov 202400:00	–	nessus
Tenable Nessus	RHEL 8 : idm:DL1 and idm:client (RHSA-2024:3267)	7 Nov 202400:00	–	nessus
Tenable Nessus	RHEL 9 : python-jwcrypto (RHSA-2024:9281)	12 Nov 202400:00	–	nessus
Tenable Nessus	RHEL 7 : jwcrypto (Unpatched Vulnerability)	11 May 202400:00	–	nessus
Tenable Nessus	Rocky Linux 8 : idm:DL1 and idm:client (RLSA-2024:3267)	14 Jun 202400:00	–	nessus

[
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "idm:client",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "8100020240417004735.143e9e98",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:enterprise_linux:8::appstream"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "idm:DL1",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "8100020240416171943.823393f5",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:enterprise_linux:8::appstream"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "python-jwcrypto",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "0:1.5.6-2.el9",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:enterprise_linux:9::appstream"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Ansible Automation Platform 2",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "automation-controller",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/a:redhat:ansible_automation_platform:2"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 7",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "python-jwcrypto",
    "defaultStatus": "unknown",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:7"
    ]
  }
]

Source	Link
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
access	www.access.redhat.com/security/cve/CVE-2023-6681
access	www.access.redhat.com/errata/RHSA-2024:9281
access	www.access.redhat.com/errata/RHSA-2024:3267

26 Feb 2026 20:34Current

5.6Medium risk

Vulners AI Score5.6

CVSS 3.15.3

EPSS0.00884

CWE-400