Vulnerability Monitor


CVE-2017-12972


In Nimbus JOSE+JWT before 4.39, there is no integer-overflow check when converting length values from bytes to bits, which allows attackers to conduct HMAC bypass attacks by shifting Additional Authenticated Data (AAD) and ciphertext so that different plaintext is obtained for the same HMAC.
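The description above is the only technical content on this page, so here is a worked model of the bug class it names. This is an added example, not code from Nimbus JOSE+JWT; the MAC input layout (AAD || IV || ciphertext || AL, with AL the AAD length in bits as a 64-bit big-endian integer, HMAC-SHA-256 truncated to 16 bytes for A128CBC-HS256) is from RFC 7518 section 5.2, while `bit_length_wrapping` and `bit_length_safe` are this example's own models of a wrapping fixed-width multiply and of an overflow check, and their names, the `width` parameter and all keys and byte strings are constructed for illustration. The `width` parameter generalises the Java case: with a 32-bit int the AL field repeats every 2**29 bytes of AAD, which is why the demonstration runs at a small width where the same collision fits in a few dozen bytes.

```python
"""Model of CVE-2017-12972: a wrapping byte-to-bit conversion lets an
attacker move bytes across the AAD / IV / ciphertext boundary without
changing the AES-CBC-HMAC tag.  Added example; not Nimbus JOSE+JWT code."""
import hashlib
import hmac
import struct


def bit_length_wrapping(n_bytes: int, width: int = 32) -> int:
    """Model of the vulnerable conversion (assumed shape of the bug, not the
    library's source): n_bytes * 8 computed in a signed two's-complement
    integer of `width` bits with no check, then sign-extended into the
    unsigned 64-bit AL field."""
    bits = (n_bytes * 8) % (1 << width)
    if bits >= 1 << (width - 1):
        bits -= 1 << width                  # wrapped to a negative int
    return bits % (1 << 64)                 # value that lands in the AL field


def bit_length_safe(n_bytes: int, width: int = 32) -> int:
    """Model of the fix: refuse an AAD whose bit count does not fit the
    `width`-bit signed integer instead of silently wrapping."""
    bits = n_bytes * 8
    if bits >= 1 << (width - 1):
        raise OverflowError(f"AAD of {n_bytes} bytes does not fit a {width}-bit bit length")
    return bits


def mac_input(aad: bytes, iv: bytes, ciphertext: bytes, bit_length) -> bytes:
    """RFC 7518 section 5.2.2.1 MAC input: AAD || IV || C || AL."""
    al = struct.pack(">Q", bit_length(len(aad)))
    return aad + iv + ciphertext + al


def compute_tag(mac_key: bytes, aad: bytes, iv: bytes, ciphertext: bytes,
                bit_length, tag_len: int = 16) -> bytes:
    """HMAC-SHA-256 over the MAC input, truncated to the left tag_len bytes."""
    mac = hmac.new(mac_key, mac_input(aad, iv, ciphertext, bit_length), hashlib.sha256)
    return mac.digest()[:tag_len]


def shift_boundary(aad: bytes, iv: bytes, ciphertext: bytes, k: int):
    """Move the last k bytes of AAD across the boundary into IV/ciphertext.
    The concatenation AAD || IV || C is unchanged; only len(AAD), and
    therefore AL, differs."""
    stream = aad + iv + ciphertext
    cut = len(aad) - k
    return stream[:cut], stream[cut:cut + len(iv)], stream[cut + len(iv):]


def demonstrate(width: int = 8):
    """Run the shift against the wrapping model and the fixed model.

    Returns (collides, rejected): whether the shifted message carries the
    same tag under the wrapping conversion, and whether the safe conversion
    refuses the oversized AAD.  AL repeats every 2**(width-3) bytes of AAD,
    so that period is the shift (2**29 bytes, i.e. 512 MiB, for Java's int)."""
    k = 1 << (width - 3)
    mac_key = b"\x01" * 16                                  # constructed MAC key
    iv = b"\x02" * 16                                       # constructed CBC IV
    ciphertext = b"\x03" * 32                               # constructed, 2 blocks
    aad = bytes(i % 256 for i in range(k + 8))              # constructed, longer than the period

    wrapping = lambda n: bit_length_wrapping(n, width)
    tag = compute_tag(mac_key, aad, iv, ciphertext, wrapping)
    aad2, iv2, ct2 = shift_boundary(aad, iv, ciphertext, k)
    forged = compute_tag(mac_key, aad2, iv2, ct2, wrapping)
    # Same tag, but a different IV and ciphertext reach the CBC decryptor,
    # so a different plaintext is produced for the same HMAC.
    collides = hmac.compare_digest(tag, forged) and (iv2, ct2) != (iv, ciphertext)

    try:
        compute_tag(mac_key, aad, iv, ciphertext, lambda n: bit_length_safe(n, width))
        rejected = False
    except OverflowError:
        rejected = True
    return collides, rejected


if __name__ == "__main__":
    print("width=8 :", demonstrate(8))
    print("AL for 2**29-byte AAD in a 32-bit int:", bit_length_wrapping(1 << 29, 32))
```

Two points of practice follow from the model. First, the collision needs AAD lengths that differ by the period of the wrapped counter, so against the real 32-bit case an attacker must present a JWE whose protected header is 512 MiB larger; the fix that matters is to reject such lengths before they reach the multiply, which is what the safe variant does and what the advisory's "before 4.39" boundary reflects. Second, because JWE's AAD is the base64url-encoded protected header, the shortened AAD must still parse as a header, a constraint this byte-level model ignores.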


Published

2017-08-20T16:29:00.237

Last Modified

2025-04-20T01:37:25.860

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: PARTIAL
  • Availability Impact: NONE
Exploitability Score (CVSSv2)

10.0

Impact Score (CVSSv2)

2.9

Weaknesses
  • Type: Primary
    CWE-345 (Insufficient Verification of Data Authenticity)

Affected Vendors & Products
NVD CPE entries; the product name is shown CPE-escaped (\+ stands for +). Every listed release up to 4.38 is affected; 4.39 is the first fixed version.
Type Vendor Product Version/Range Vulnerable?
Application connect2id nimbus_jose\+jwt 1.0 Yes
Application connect2id nimbus_jose\+jwt 1.1 Yes
Application connect2id nimbus_jose\+jwt 1.2 Yes
Application connect2id nimbus_jose\+jwt 1.3 Yes
Application connect2id nimbus_jose\+jwt 1.4 Yes
Application connect2id nimbus_jose\+jwt 1.5 Yes
Application connect2id nimbus_jose\+jwt 1.6 Yes
Application connect2id nimbus_jose\+jwt 1.7 Yes
Application connect2id nimbus_jose\+jwt 1.8 Yes
Application connect2id nimbus_jose\+jwt 1.9 Yes
Application connect2id nimbus_jose\+jwt 1.9.1 Yes
Application connect2id nimbus_jose\+jwt 1.10 Yes
Application connect2id nimbus_jose\+jwt 1.11 Yes
Application connect2id nimbus_jose\+jwt 1.12 Yes
Application connect2id nimbus_jose\+jwt 2.0 Yes
Application connect2id nimbus_jose\+jwt 2.0.1 Yes
Application connect2id nimbus_jose\+jwt 2.1 Yes
Application connect2id nimbus_jose\+jwt 2.1.1 Yes
Application connect2id nimbus_jose\+jwt 2.2 Yes
Application connect2id nimbus_jose\+jwt 2.3 Yes
Application connect2id nimbus_jose\+jwt 2.4 Yes
Application connect2id nimbus_jose\+jwt 2.5 Yes
Application connect2id nimbus_jose\+jwt 2.6 Yes
Application connect2id nimbus_jose\+jwt 2.7 Yes
Application connect2id nimbus_jose\+jwt 2.8 Yes
Application connect2id nimbus_jose\+jwt 2.9 Yes
Application connect2id nimbus_jose\+jwt 2.10 Yes
Application connect2id nimbus_jose\+jwt 2.10.1 Yes
Application connect2id nimbus_jose\+jwt 2.11.0 Yes
Application connect2id nimbus_jose\+jwt 2.12.0 Yes
Application connect2id nimbus_jose\+jwt 2.13.0 Yes
Application connect2id nimbus_jose\+jwt 2.13.1 Yes
Application connect2id nimbus_jose\+jwt 2.14 Yes
Application connect2id nimbus_jose\+jwt 2.15 Yes
Application connect2id nimbus_jose\+jwt 2.15.1 Yes
Application connect2id nimbus_jose\+jwt 2.15.2 Yes
Application connect2id nimbus_jose\+jwt 2.16 Yes
Application connect2id nimbus_jose\+jwt 2.17 Yes
Application connect2id nimbus_jose\+jwt 2.17.1 Yes
Application connect2id nimbus_jose\+jwt 2.17.2 Yes
Application connect2id nimbus_jose\+jwt 2.18 Yes
Application connect2id nimbus_jose\+jwt 2.18.1 Yes
Application connect2id nimbus_jose\+jwt 2.18.2 Yes
Application connect2id nimbus_jose\+jwt 2.19 Yes
Application connect2id nimbus_jose\+jwt 2.19.1 Yes
Application connect2id nimbus_jose\+jwt 2.20 Yes
Application connect2id nimbus_jose\+jwt 2.21 Yes
Application connect2id nimbus_jose\+jwt 2.22 Yes
Application connect2id nimbus_jose\+jwt 2.22.1 Yes
Application connect2id nimbus_jose\+jwt 2.23 Yes
Application connect2id nimbus_jose\+jwt 2.24 Yes
Application connect2id nimbus_jose\+jwt 2.25 Yes
Application connect2id nimbus_jose\+jwt 2.26 Yes
Application connect2id nimbus_jose\+jwt 2.26.1 Yes
Application connect2id nimbus_jose\+jwt 3.0 Yes
Application connect2id nimbus_jose\+jwt 3.1 Yes
Application connect2id nimbus_jose\+jwt 3.1.1 Yes
Application connect2id nimbus_jose\+jwt 3.1.2 Yes
Application connect2id nimbus_jose\+jwt 3.2 Yes
Application connect2id nimbus_jose\+jwt 3.2.1 Yes
Application connect2id nimbus_jose\+jwt 3.2.2 Yes
Application connect2id nimbus_jose\+jwt 3.3 Yes
Application connect2id nimbus_jose\+jwt 3.4 Yes
Application connect2id nimbus_jose\+jwt 3.5 Yes
Application connect2id nimbus_jose\+jwt 3.6 Yes
Application connect2id nimbus_jose\+jwt 3.7 Yes
Application connect2id nimbus_jose\+jwt 3.8 Yes
Application connect2id nimbus_jose\+jwt 3.8.1 Yes
Application connect2id nimbus_jose\+jwt 3.8.2 Yes
Application connect2id nimbus_jose\+jwt 3.9 Yes
Application connect2id nimbus_jose\+jwt 3.9.1 Yes
Application connect2id nimbus_jose\+jwt 3.9.2 Yes
Application connect2id nimbus_jose\+jwt 3.10 Yes
Application connect2id nimbus_jose\+jwt 4.0 Yes
Application connect2id nimbus_jose\+jwt 4.0.1 Yes
Application connect2id nimbus_jose\+jwt 4.1 Yes
Application connect2id nimbus_jose\+jwt 4.1.1 Yes
Application connect2id nimbus_jose\+jwt 4.2 Yes
Application connect2id nimbus_jose\+jwt 4.3 Yes
Application connect2id nimbus_jose\+jwt 4.3.1 Yes
Application connect2id nimbus_jose\+jwt 4.4 Yes
Application connect2id nimbus_jose\+jwt 4.5 Yes
Application connect2id nimbus_jose\+jwt 4.6 Yes
Application connect2id nimbus_jose\+jwt 4.7 Yes
Application connect2id nimbus_jose\+jwt 4.8 Yes
Application connect2id nimbus_jose\+jwt 4.9 Yes
Application connect2id nimbus_jose\+jwt 4.10 Yes
Application connect2id nimbus_jose\+jwt 4.11 Yes
Application connect2id nimbus_jose\+jwt 4.11.1 Yes
Application connect2id nimbus_jose\+jwt 4.11.2 Yes
Application connect2id nimbus_jose\+jwt 4.12 Yes
Application connect2id nimbus_jose\+jwt 4.13 Yes
Application connect2id nimbus_jose\+jwt 4.13.1 Yes
Application connect2id nimbus_jose\+jwt 4.14 Yes
Application connect2id nimbus_jose\+jwt 4.15 Yes
Application connect2id nimbus_jose\+jwt 4.15.1 Yes
Application connect2id nimbus_jose\+jwt 4.16 Yes
Application connect2id nimbus_jose\+jwt 4.16.1 Yes
Application connect2id nimbus_jose\+jwt 4.16.2 Yes
Application connect2id nimbus_jose\+jwt 4.17 Yes
Application connect2id nimbus_jose\+jwt 4.18 Yes
Application connect2id nimbus_jose\+jwt 4.19 Yes
Application connect2id nimbus_jose\+jwt 4.20 Yes
Application connect2id nimbus_jose\+jwt 4.21 Yes
Application connect2id nimbus_jose\+jwt 4.22 Yes
Application connect2id nimbus_jose\+jwt 4.23 Yes
Application connect2id nimbus_jose\+jwt 4.24 Yes
Application connect2id nimbus_jose\+jwt 4.25 Yes
Application connect2id nimbus_jose\+jwt 4.26 Yes
Application connect2id nimbus_jose\+jwt 4.26.1 Yes
Application connect2id nimbus_jose\+jwt 4.27 Yes
Application connect2id nimbus_jose\+jwt 4.27.1 Yes
Application connect2id nimbus_jose\+jwt 4.28 Yes
Application connect2id nimbus_jose\+jwt 4.29 Yes
Application connect2id nimbus_jose\+jwt 4.30 Yes
Application connect2id nimbus_jose\+jwt 4.31 Yes
Application connect2id nimbus_jose\+jwt 4.31.1 Yes
Application connect2id nimbus_jose\+jwt 4.32 Yes
Application connect2id nimbus_jose\+jwt 4.33 Yes
Application connect2id nimbus_jose\+jwt 4.34 Yes
Application connect2id nimbus_jose\+jwt 4.34.1 Yes
Application connect2id nimbus_jose\+jwt 4.34.2 Yes
Application connect2id nimbus_jose\+jwt 4.35 Yes
Application connect2id nimbus_jose\+jwt 4.36.1 Yes
Application connect2id nimbus_jose\+jwt 4.37 Yes
Application connect2id nimbus_jose\+jwt 4.37.1 Yes
Application connect2id nimbus_jose\+jwt 4.38 Yes

References