UBUNTU-CVE-2024-29371
Advisory lineage Upstream: 1 Downstream: 0
Upstream
Published: 17 Dec 2025, 16:16
Last modified:20 May 2026, 16:17
Vulnerability Summary
Overall Risk (default)
medium
30/100 CVSS Score
7.5 HIGH
3.1 (osv_ubuntu)
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
17 Dec 2025, 16:16
Published
Vulnerability first disclosed
20 May 2026, 16:17
Last Modified
Vulnerability information updated
Description
In jose4j before 0.9.6, an attacker can cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant memory allocation and processing time during decompression.
CVSS Metrics
- v3.1•HIGH•Score: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Systems
- ubuntu•libjose4j-java
all | all | all | all