Fedora Account System
Red Hat Associate
Red Hat Customer
In jose4j before 0.9.5, an attacker can cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant memory allocation and processing time during decompression.
This issue has been addressed in the following products: Streams for Apache Kafka 3.2.0 Via RHSA-2026:13571 https://access.redhat.com/errata/RHSA-2026:13571
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Via RHSA-2026:33371 https://access.redhat.com/errata/RHSA-2026:33371
This issue has been addressed in the following products: Streams for Apache Kafka 2.9.4 Via RHSA-2026:34608 https://access.redhat.com/errata/RHSA-2026:34608