325 matches found
Security update for python-Authlib
This update for python-Authlib fixes the following issues: CVE-2025-62706: fixed a denial of service condition bsc1252504, ghauthlib/authlib@e0863d512931 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
SUSE-SU-2025:3842-1 Security update for python-Authlib
This update for python-Authlib fixes the following issues: - CVE-2025-62706: fixed a denial of service condition bsc1252504, ghauthlib/authlib@e0863d512931...
Linux Distros Unpatched Vulnerability : CVE-2025-62706
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.5, Authlib's JWE zip=DEF path performs unbounded DEFLATE...
openSUSE Security Advisory (SUSE-SU-2025:3754-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-Authlib (SUSE-SU-2025:3754-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2025:3754-1 advisory. - CVE-2025-61920: limited the size of the header to prevent DoS bsc1251921. Tenable has extracted the...
SUSE CVE-2025-62706
Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.5, Authlib's JWE zip=DEF path performs unbounded DEFLATE decompression. A very small ciphertext can expand into tens or hundreds of megabytes on decrypt, allowing an attacker who can supply decryptable...
CVE-2025-62706
Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.5, Authlib’s JWE zip=DEF path performs unbounded DEFLATE decompression. A very small ciphertext can expand into tens or hundreds of megabytes on decrypt, allowing an attacker who can supply decryptable...
Security update for python-Authlib
This update for python-Authlib fixes the following issues: CVE-2025-61920: limited the size of the header to prevent DoS bsc1251921. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run th...
DEBIAN-CVE-2025-62706
Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.5, Authlib’s JWE zip=DEF path performs unbounded DEFLATE decompression. A very small ciphertext can expand into tens or hundreds of megabytes on decrypt, allowing an attacker who can supply decryptable...
CVE-2025-62706
Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.5, Authlib’s JWE zip=DEF path performs unbounded DEFLATE decompression. A very small ciphertext can expand into tens or hundreds of megabytes on decrypt, allowing an attacker who can supply decryptable...
UBUNTU-CVE-2025-62706
Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.5, Authlib’s JWE zip=DEF path performs unbounded DEFLATE decompression. A very small ciphertext can expand into tens or hundreds of megabytes on decrypt, allowing an attacker who can supply decryptable...
EUVD-2025-33799
Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.5, Authlib’s JWE zip=DEF path performs unbounded DEFLATE decompression. A very small ciphertext can expand into tens or hundreds of megabytes on decrypt, allowing an attacker who can supply decryptable...
CVE-2025-62706 Authlib : JWE zip=DEF decompression bomb enables DoS
Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.5, Authlib’s JWE zip=DEF path performs unbounded DEFLATE decompression. A very small ciphertext can expand into tens or hundreds of megabytes on decrypt, allowing an attacker who can supply decryptable...
CVE-2025-62706
Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.5, Authlib’s JWE zip=DEF path performs unbounded DEFLATE decompression. A very small ciphertext can expand into tens or hundreds of megabytes on decrypt, allowing an attacker who can supply decryptable...
CVE-2025-62706
Authlib’s CVE-2025-62706 affects the JWE zip=DEF decompression path in prior releases. A small ciphertext could inflate to tens/hundreds of MB during decrypt, enabling DoS via memory and CPU exhaustion. A fix exists in v1.6.5; mitigations include rejecting or stripping zip=DEF for inbound JWEs, a...
CVE-2025-62706 Authlib : JWE zip=DEF decompression bomb enables DoS
Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.5, Authlib’s JWE zip=DEF path performs unbounded DEFLATE decompression. A very small ciphertext can expand into tens or hundreds of megabytes on decrypt, allowing an attacker who can supply decryptable...
Authlib 安全漏洞
Authlib is the ultimate Python library for building OAuth and OpenID Connect servers open-sourced by Authlib. A security vulnerability exists in Authlib versions prior to 1.6.5, which stems from the JWE zip=DEF path executing an unrestricted DEFLATE decompression, which could lead to memory and C...
python311-Authlib-1.6.5-1.1 on GA media (moderate)
python311-Authlib-1.6.5-1.1 on GA media Announcement ID: openSUSE-SU-2025:15629-1 Rating: moderate Cross-References: CVE-2025-61920 CVSS scores: CVE-2025-61920 SUSE : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2025-61920 SUSE : 8.7...
Linux Distros Unpatched Vulnerability : CVE-2025-61920
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.5, Authlib's JOSE implementation accepts unbounded JWS/JWT heade...
SUSE CVE-2025-61920
Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.5, Authlib's JOSE implementation accepts unbounded JWS/JWT header and signature segments. A remote attacker can craft a token whose base64url-encoded header or signature spans hundreds of megabytes...