CVE-2023-6681

A vulnerability was found in JWCrypto. This flaw allows an attacker to cause a denial of service (DoS) attack and possible password brute-force and dictionary attacks to be more resource-intensive. This issue can result in a large amount of computational consumption, causing a denial of service attack.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
redhatCNA
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CISA-ADPADP
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 6%
VendorProductVersion
latchsetjwcrypto
𝑥
< 1.5.1
redhatenterprise_linux
8.0
redhatenterprise_linux
9.0
redhatenterprise_linux_for_arm_64
8.0
redhatenterprise_linux_for_ibm_z_systems
8.0
redhatenterprise_linux_for_power_little_endian
8.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
python-jwcrypto
bullseye
no-dsa
bookworm
no-dsa
bullseye (security)
vulnerable
trixie
1.5.6-1
fixed
sid
1.5.6-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
python-jwcrypto
oracular
needed
noble
needed
mantic
ignored
jammy
needs-triage
focal
needs-triage
bionic
needs-triage
xenial
needs-triage
trusty
dne
Common Weakness Enumeration
References
https://access.redhat.com/errata/RHSA-2024:3267
https://access.redhat.com/errata/RHSA-2024:9281
https://access.redhat.com/security/cve/CVE-2023-6681
https://bugzilla.redhat.com/show_bug.cgi?id=2260843
https://access.redhat.com/errata/RHSA-2024:3267
https://access.redhat.com/security/cve/CVE-2023-6681
https://bugzilla.redhat.com/show_bug.cgi?id=2260843