CVE-2024-29370 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2024-29370 Interim 1 1 2025-12-23T01:36:46Z current 2025-12-23T01:36:46Z 2025-12-23T01:36:46Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2024-29370 In python-jose 3.3.0 (specifically jwe.decrypt), a vulnerability allows an attacker to cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant memory allocation and processing time during decompression. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 15.6 python-python-jose python311-python-jose python311-python-jose-cryptography python311-python-jose as a component of openSUSE Leap 15.6 python311-python-jose-cryptography as a component of openSUSE Leap 15.6 python-python-jose as a component of openSUSE Leap 15.6 In python-jose 3.3.0 (specifically jwe.decrypt), a vulnerability allows an attacker to cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant memory allocation and processing time during decompression. CVE-2024-29370 important 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H