Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
veracodeVeracode Vulnerability DatabaseVERACODE:45824
HistoryMar 11, 2024 - 6:02 a.m.

Denial Of Service (DoS)

2024-03-1106:02:37
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
18
jwx
denial of service
vulnerability
improper checking
decompressed data
malicious input
excessive memory
decompression

CVSS3

6.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

AI Score

6.5

Confidence

High

EPSS

0

Percentile

15.5%

JSON

JWX is vulnerable to Denial of Service (DoS). The vulnerability is caused due improper checking of the decompressed data size, allowing an attacker to craft a malicious input with an exceptionally high compression ratio, leading to a Denial of Service (DoS) condition by consuming excessive memory during decompression.

Related

osv 30
ibm 2
redhatcve 1
prion 1
nvd 1
cgr 1
vulnrichment 1
cve 1
cvelist 1
wolfi 1
github 1
osv
osv
CGA-mr93-pcjw-6h9p
2024-06-06 12:28:34
CGA-8v47-gjqh-4qx4
2024-06-06 12:25:17
CGA-27vf-hr8r-554x
2024-06-06 12:18:03
ibm
ibm
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in JWx [CVE-2024-28122]
2024-04-25 18:27:39
Security Bulletin: IBM Cloud Pak for Data is vulnerable to a variety of issues due to 3rd party software
2024-09-27 17:52:49
redhatcve
redhatcve
CVE-2024-28122
2024-03-10 09:37:46
prion
prion
Design/Logic Flaw
2024-03-09 01:15:00
nvd
nvd
CVE-2024-28122
2024-03-09 01:15:06
cgr
cgr
CVE-2024-28122 vulnerabilities
2024-05-19 03:07:16
vulnrichment
vulnrichment
CVE-2024-28122 JWX vulnerable to a denial of service attack using compressed JWE message
2024-03-09 00:45:50
cve
cve
CVE-2024-28122
2024-03-09 01:15:06
cvelist
cvelist
CVE-2024-28122 JWX vulnerable to a denial of service attack using compressed JWE message
2024-03-09 00:45:50
wolfi
wolfi
CVE-2024-28122 vulnerabilities
2024-10-01 21:13:23
github
github
JWX vulnerable to a denial of service attack using compressed JWE message
2024-03-08 15:06:53

CVSS3

6.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

AI Score

6.5

Confidence

High

EPSS

0

Percentile

15.5%

JSON
Related for VERACODE:45824
osv30ibm2redhatcve1prion1nvd1cgr1vulnrichment1cve1cvelist1wolfi1github1