CVE-2023-6681

A vulnerability was found in JWCrypto. This flaw allows an attacker to cause a denial of service (DoS) attack and possible password brute-force and dictionary attacks to be more resource-intensive. This issue can result in a large amount of computational consumption, causing a denial of service attack.

Published: Feb 12, 2024
Updated: Apr 19, 2024
CVE: CVE-2023-6681
GHSA: GHSA-cw2r-4p82-qv79
Severity: Medium
Exploit:

CVSS v3:

Severity: Unknown
Score:
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWEs:

CWE-400

Affected Software
References

Software	From	Fixed in
jwcrypto	-	1.5.1
latchset / jwcrypto	-	1.5.1
redhat / enterprise_linux	8.0	8.0.x
redhat / enterprise_linux_for_power_little_endian	8.0	8.0.x
redhat / enterprise_linux_for_ibm_z_systems	8.0	8.0.x
redhat / enterprise_linux	9.0	9.0.x
fedoraproject / fedora	38	38.x
redhat / enterprise_linux_for_arm_64	8.0	8.0.x
fedoraproject / fedora	39	39.x

https://access.redhat.com/errata/RHSA-2024:3267
https://access.redhat.com/errata/RHSA-2024:9281
https://access.redhat.com/security/cve/CVE-2023-6681
https://bugzilla.redhat.com/show_bug.cgi?id=2260843
https://github.com/latchset/jwcrypto/commit/d2655d370586cb830e49acfb450f87598da60be8
https://github.com/latchset/jwcrypto/security/advisories/GHSA-cw2r-4p82-qv79

Vulnerability Database

289,599

CVE-2023-6681