Commit Graph

1 Commits

Author SHA1 Message Date
Rafael Guterres Jeffman
4c6c2f53c0 Fix CVE-2026-39373: Memory exhaustion via crafted compressed JWE tokens
Backport upstream commit 25db861d to fix CVE-2026-39373.
This introduces a maximum plaintext size limit (defaulting to 100MB)
during JWE decryption to mitigate memory exhaustion and decompression
bomb attacks when processing highly compressed malicious JWE payloads.

Resolves: RHEL-166011
Signed-off-by: Rafael Guterres Jeffman <rjeffman@redhat.com>
2026-04-16 19:48:48 -03:00
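The mitigation the commit message describes, a cap on plaintext size enforced while a compressed JWE payload is inflated, is sketched here as an added example; it is not the upstream patch or the project's code. It assumes the payload uses JWE `"zip": "DEF"` (raw DEFLATE) and that 100MB means 100 * 1024 * 1024 bytes; the names `bounded_inflate`, `raw_deflate`, `PlaintextTooLarge` and `DEFAULT_MAX_PLAINTEXT` are hypothetical.

```python
import zlib

# Assumption: the commit message says "100MB"; the exact byte count and the
# name of the setting in the patched library are not shown on this page.
DEFAULT_MAX_PLAINTEXT = 100 * 1024 * 1024


class PlaintextTooLarge(ValueError):
    """Inflated plaintext would exceed the configured limit."""


def raw_deflate(data: bytes) -> bytes:
    """Build a constructed sample: raw DEFLATE, as JWE "zip": "DEF" uses."""
    c = zlib.compressobj(9, zlib.DEFLATED, -zlib.MAX_WBITS)
    return c.compress(data) + c.flush()


def bounded_inflate(compressed: bytes, max_size: int = DEFAULT_MAX_PLAINTEXT,
                    chunk: int = 64 * 1024) -> bytes:
    """Inflate raw DEFLATE data, holding at most max_size + 1 output bytes."""
    inflater = zlib.decompressobj(-zlib.MAX_WBITS)  # negative wbits: no header
    out = bytearray()
    pending = compressed
    while not inflater.eof:
        # Ask for at most one byte past the limit, so an overrun is detected
        # without ever materialising the full expansion in memory.
        budget = max_size + 1 - len(out)
        piece = inflater.decompress(pending, min(chunk, budget))
        pending = inflater.unconsumed_tail
        if not piece and not pending:
            # No output, no input left, and no end-of-stream marker seen.
            raise ValueError("truncated DEFLATE stream")
        out += piece
        if len(out) > max_size:
            raise PlaintextTooLarge(f"plaintext exceeds {max_size} bytes")
    return bytes(out)


if __name__ == "__main__":
    bomb = raw_deflate(b"\0" * (8 * 1024 * 1024))  # constructed sample
    print(len(bomb), "compressed bytes inflate to 8 MiB")
    try:
        bounded_inflate(bomb, max_size=1024 * 1024)
    except PlaintextTooLarge as exc:
        print("rejected:", exc)
```

The size check has to happen inside the inflate loop: a one-shot `zlib.decompress()` followed by a length check allocates the full expansion before the check runs.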