CVE-2025-62706 Authlib : JWE zip=DEF decompression bomb enables DoS

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.5, Authlib’s JWE zip=DEF path performs unbounded DEFLATE decompression. A very small ciphertext can expand into tens or hundreds of megabytes on decrypt, allowing an attacker who can supply decryptable...

CVE-2025-62706

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.5, Authlib’s JWE zip=DEF path performs unbounded DEFLATE decompression. A very small ciphertext can expand into tens or hundreds of megabytes on decrypt, allowing an attacker who can supply decryptable...

CVE-2025-62706

Authlib’s CVE-2025-62706 affects the JWE zip=DEF decompression path in prior releases. A small ciphertext could inflate to tens/hundreds of MB during decrypt, enabling DoS via memory and CPU exhaustion. A fix exists in v1.6.5; mitigations include rejecting or stripping zip=DEF for inbound JWEs, a...

CVE-2025-62706 Authlib : JWE zip=DEF decompression bomb enables DoS

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.5, Authlib’s JWE zip=DEF path performs unbounded DEFLATE decompression. A very small ciphertext can expand into tens or hundreds of megabytes on decrypt, allowing an attacker who can supply decryptable...

Authlib 安全漏洞

Authlib is the ultimate Python library for building OAuth and OpenID Connect servers open-sourced by Authlib. A security vulnerability exists in Authlib versions prior to 1.6.5, which stems from the JWE zip=DEF path executing an unrestricted DEFLATE decompression, which could lead to memory and C...

python311-Authlib-1.6.5-1.1 on GA media (moderate)

python311-Authlib-1.6.5-1.1 on GA media Announcement ID: openSUSE-SU-2025:15629-1 Rating: moderate Cross-References: CVE-2025-61920 CVSS scores: CVE-2025-61920 SUSE : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2025-61920 SUSE : 8.7...

Linux Distros Unpatched Vulnerability : CVE-2025-61920

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.5, Authlib's JOSE implementation accepts unbounded JWS/JWT heade...

SUSE CVE-2025-61920

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.5, Authlib's JOSE implementation accepts unbounded JWS/JWT header and signature segments. A remote attacker can craft a token whose base64url-encoded header or signature spans hundreds of megabytes...

OPENSUSE-SU-2025:15629-1 python311-Authlib-1.6.5-1.1 on GA media

These are all security issues fixed in the python311-Authlib-1.6.5-1.1 package on the GA media of openSUSE Tumbleweed...

aad-fastapi (>=1.0.0 <=1.1.2), aad-fastapi-dl37 (>=1.0.0 <=1.0.3) +266 more potentially affected by CVE-2025-62706 via authlib (>=0.10.0 <=1.6.4)

authlib PYPI version =0.10.0, =1.0.0, =1.0.0, =0.0.1, =1.0.2, =1.0.2, =1.2.0a20250730, =1.1.0, =1.2.0a20250730, =0.4.0, =0.1.0, =0.1.0a1, =1.2.0, =1.2.0a20250730, =1.2.0a20250730, =1.2.0a20250730, =1.2.0rc4 and more Source cves: CVE-2025-62706 Source advisory: OSV:GHSA-G7F3-828F-7H7M...

aad-fastapi-dl37 (>=1.0.0 <=1.0.2), agentiq (>=1.2.0a20250730 <=1.2.0rc4) +207 more potentially affected by CVE-2025-62706 via authlib (>=1.0.0 <=1.6.4)

authlib PYPI version =1.0.0, =1.0.0, =1.2.0a20250730, =1.1.0, =1.2.0a20250730, =0.4.0, =0.1.0, =0.1.0a1, =1.2.0, =1.2.0a20250730, =1.2.0a20250730, =1.2.0a20250730, =1.2.0, =1.2.0a20250730, =1.2.0a20250730, =1.2.0a20250730, =1.2.0rc4 and more Source cves: CVE-2025-62706 Source advisory:...

Allocation of Resources Without Limits or Throttling

Overview authlib is a library in building OAuth and OpenID Connect servers. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the DeflateZipAlgorithm.decompress function. An attacker can exhaust memory and CPU resources by submitting...

GHSA-G7F3-828F-7H7M Authlib : JWE zip=DEF decompression bomb enables DoS

Summary Authlib’s JWE zip=DEF path performs unbounded DEFLATE decompression. A very small ciphertext can expand into tens or hundreds of megabytes on decrypt, allowing an attacker who can supply decryptable tokens to exhaust memory and CPU and cause denial of service. Details - Affected component...

CVE-2025-61920

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.5, Authlib’s JOSE implementation accepts unbounded JWS/JWT header and signature segments. A remote attacker can craft a token whose base64url‑encoded header or signature spans hundreds of megabytes...

Authlib is vulnerable to Denial of Service via Oversized JOSE Segments

Summary Authlib’s JOSE implementation accepts unbounded JWS/JWT header and signature segments. A remote attacker can craft a token whose base64url‑encoded header or signature spans hundreds of megabytes. During verification, Authlib decodes and parses the full input before it is rejected, driving...

aad-fastapi (>=1.0.0 <=1.1.2), aad-fastapi-dl37 (>=1.0.0 <=1.0.3) +266 more potentially affected by CVE-2025-61920 via authlib (>=0.10.0 <=1.6.4)

authlib PYPI version =0.10.0, =1.0.0, =1.0.0, =0.0.1, =1.0.2, =1.0.2, =1.2.0a20250730, =1.1.0, =1.2.0a20250730, =0.4.0, =0.1.0, =0.1.0a1, =1.2.0, =1.2.0a20250730, =1.2.0a20250730, =1.2.0a20250730, =1.2.0rc4 and more Source cves: CVE-2025-61920 Source advisory: OSV:GHSA-PQ5P-34CR-23V9...

Allocation of Resources Without Limits or Throttling

Overview authlib is a library in building OAuth and OpenID Connect servers. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the extractsegment and extractheader processes. An unauthenticated attacker can exhaust system resources and...

aad-fastapi-dl37 (>=1.0.0 <=1.0.2), agentiq (>=1.2.0a20250730 <=1.2.0rc4) +207 more potentially affected by CVE-2025-61920 via authlib (>=1.0.0 <=1.6.4)

authlib PYPI version =1.0.0, =1.0.0, =1.2.0a20250730, =1.1.0, =1.2.0a20250730, =0.4.0, =0.1.0, =0.1.0a1, =1.2.0, =1.2.0a20250730, =1.2.0a20250730, =1.2.0a20250730, =1.2.0, =1.2.0a20250730, =1.2.0a20250730, =1.2.0a20250730, =1.2.0rc4 and more Source cves: CVE-2025-61920 Source advisory:...

GHSA-PQ5P-34CR-23V9 Authlib is vulnerable to Denial of Service via Oversized JOSE Segments

Summary Authlib’s JOSE implementation accepts unbounded JWS/JWT header and signature segments. A remote attacker can craft a token whose base64url‑encoded header or signature spans hundreds of megabytes. During verification, Authlib decodes and parses the full input before it is rejected, driving...

CVE-2025-61920

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.5, Authlib’s JOSE implementation accepts unbounded JWS/JWT header and signature segments. A remote attacker can craft a token whose base64url‑encoded header or signature spans hundreds of megabytes...