cve/2024/CVE-2024-33663.md

CVE-2024-33663

Description

python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. This is similar to CVE-2022-29217.

POC

Reference

• https://github.com/mpdavis/python-jose/issues/346
• https://www.vicarius.io/vsociety/posts/algorithm-confusion-in-python-jose-cve-2024-33663

Github

• https://github.com/BuloZB/BuloCloudSentinel
• https://github.com/HasnainKousar/is601_module14
• https://github.com/blemis/anscomm