5.3

CVE-2023-6681

Jwcrypto: denail of service via specifically crafted jwe

A vulnerability was found in JWCrypto. This flaw allows an attacker to cause a denial of service (DoS) attack and possible password brute-force and dictionary attacks to be more resource-intensive. This issue can result in a large amount of computational consumption, causing a denial of service attack.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.88% 0.544
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
secalert@redhat.com 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource.

https://access.redhat.com/errata/RHSA-2024:3267
Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:9281
https://access.redhat.com/security/cve/CVE-2023-6681
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2260843
Third Party Advisory
Issue Tracking