CVE-2023-6681

2024-02-1214:15:08

Debian Security Bug Tracker

security-tracker.debian.org

jwcrypto

vulnerability

denial of service

resource-intensive

password brute-force

dictionary attacks

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

AI Score

7.1

Confidence

High

EPSS

Percentile

15.5%

JSON

A vulnerability was found in JWCrypto. This flaw allows an attacker to cause a denial of service (DoS) attack and possible password brute-force and dictionary attacks to be more resource-intensive. This issue can result in a large amount of computational consumption, causing a denial of service attack.

OSVersionArchitecturePackageVersionFilename
Debian12allpython-jwcrypto<= 1.1.0-1+deb12u1python-jwcrypto_1.1.0-1+deb12u1_all.deb
Debian11allpython-jwcrypto<= 0.8.0-1python-jwcrypto_0.8.0-1_all.deb
Debian999allpython-jwcrypto< 1.5.4-1python-jwcrypto_1.5.4-1_all.deb
Debian13allpython-jwcrypto< 1.5.4-1python-jwcrypto_1.5.4-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	python-jwcrypto	<= 1.1.0-1+deb12u1	python-jwcrypto_1.1.0-1+deb12u1_all.deb
Debian	11	all	python-jwcrypto	<= 0.8.0-1	python-jwcrypto_0.8.0-1_all.deb
Debian	999	all	python-jwcrypto	< 1.5.4-1	python-jwcrypto_1.5.4-1_all.deb
Debian	13	all	python-jwcrypto	< 1.5.4-1	python-jwcrypto_1.5.4-1_all.deb