UBUNTU-CVE-2024-29371
- Source
- https://ubuntu.com/security/CVE-2024-29371
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-29371.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2024-29371
- Upstream
- Published
- 2025-12-17T16:16:00Z
- Modified
- 2025-12-26T06:04:13.780404Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Ubuntu - medium
- Summary
- [none]
- Details
-
In jose4j before 0.9.5, an attacker can cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant memory allocation and processing time during decompression.
- References
Affected packages
Ubuntu:22.04:LTS / libjose4j-java
Package
- Name
- libjose4j-java
- Purl
- pkg:deb/ubuntu/libjose4j-java@0.7.7-2?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ubuntu:24.04:LTS / libjose4j-java
Package
- Name
- libjose4j-java
- Purl
- pkg:deb/ubuntu/libjose4j-java@0.7.12-2?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ubuntu:25.10 / libjose4j-java
Package
- Name
- libjose4j-java
- Purl
- pkg:deb/ubuntu/libjose4j-java@0.9.6-1?arch=source&distro=questing
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ubuntu:25.04 / libjose4j-java
Package
- Name
- libjose4j-java
- Purl
- pkg:deb/ubuntu/libjose4j-java@0.9.6-1?arch=source&distro=plucky
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected