DEBIAN-CVE-2024-29371

DEBIAN-CVE-2024-29371 PUBLISHED CVSS 7.5 HIGH

In jose4j before 0.9.6, an attacker can cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant memory allocation and processing time during decompression.

Risk Scores

CVSS v3.1

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

Vendor	Product	Versions
Debian:14	libjose4j-java	0, 0
Debian:13	libjose4j-java	0, 0

Timeline

Dec 17, 2025 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2024-29371 advisory

Open in Interactive Console →