Lucene search
K
LatchsetJwcrypto

4 matches found

CVE
CVE
added 2024/03/06 9:9 p.m.383 views

CVE-2024-28102

Summary: CVE-2024-28102 affects the Python JWCrypto/JWCrypto implementation. Before 1.5.6, processing a malicious JWE token with a high compression ratio can cause a DoS by consuming excessive memory and CPU time; the vulnerability stems from the token deserialization path. Affected component: py...

6.8CVSS6.3AI score0.0098EPSS
CVE
CVE
added 2024/02/12 2:4 p.m.169 views

CVE-2023-6681

CVE-2023-6681 affects JWCrypto in python-jwcrypto. Root cause: unbounded PBES2 Count value in PBKDF2 enables a DoS when processing crafted JWE tokens; high resource consumption is possible. Documented impact: denial of service (and potential password brute‑force/dictionary pressure). Remediation/...

5.3CVSS5AI score0.00884EPSS
CVE
CVE
added 2016/09/01 11:0 p.m.54 views

CVE-2016-6298

The CVE-2016-6298 issue affects the jwcrypto Python package, specifically the RSA 1.5 implementation (the _Rsa15 class in jwa.py). Before 0.3.2, it lacks the Random Filling protection mechanism, enabling a remote attacker to potentially obtain cleartext data via a Million Message Attack (MMA). Th...

5.3CVSS4.8AI score0.02226EPSS
CVE
CVE
added 2026/04/07 7:35 p.m.25 views

CVE-2026-39373

CVE-2026-39373 affects JWCrypto (Python) prior to 1.5.7. An unauthenticated attacker can trigger memory exhaustion by sending crafted JWE tokens using ZIP compression; a token under 250 KB can decompress to ~100 MB. The fix is version 1.5.7. This follows CVE-2024-28102: while the 250 KB input lim...

5.3CVSS5.9AI score0.00294EPSS