CVE-2023-6681

Summary

A vulnerability was found in JWCrypto. This flaw allows an attacker to cause a denial of service (DoS) attack and possible password brute-force and dictionary attacks to be more resource-intensive. This issue can result in a large amount of computational consumption, causing a denial of service attack.

Affected Software

VendorProductVersion RangeStatus
Red HatRed Hat Enterprise Linux 88100020240417004735.143e9e98 < *unaffected
Red HatRed Hat Enterprise Linux 88100020240416171943.823393f5 < *unaffected
Red HatRed Hat Enterprise Linux 90:1.5.6-2.el9 < *unaffected

Weaknesses

  • CWE-400: Uncontrolled Resource Consumption

Workarounds

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References