CVE-2017-12972

Source
https://nvd.nist.gov/vuln/detail/CVE-2017-12972
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-12972.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2017-12972
Aliases
Published
2017-08-20T16:29:00Z
Modified
2025-10-15T08:45:27.322718Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
Summary
[none]
Details

In Nimbus JOSE+JWT before 4.39, there is no integer-overflow check when converting length values from bytes to bits, which allows attackers to conduct HMAC bypass attacks by shifting Additional Authenticated Data (AAD) and ciphertext so that different plaintext is obtained for the same HMAC. The bit-length of the AAD is itself part of the authenticated input in AES-CBC-HMAC content encryption, so a length value that wraps on overflow lets two different AAD/ciphertext splits verify under the same tag; the fix is to reject lengths that cannot be represented in bits without overflow before they enter the MAC computation.

References

Affected packages

Git / bitbucket.org/connect2id/nimbus-jose-jwt

Affected ranges

Type
GIT
Repo
https://bitbucket.org/connect2id/nimbus-jose-jwt
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
0d2bd649ea386539220d4facfe1f65eb1dadb86c

Affected versions

2.*

2.0
2.0.1
2.1
2.1.1
2.10
2.10.1
2.11.0
2.12.0
2.13.0
2.13.1
2.14.0
2.15.0
2.15.1
2.15.2
2.16
2.17
2.17.1
2.17.2
2.18
2.18.1
2.18.2
2.19
2.19.1
2.2
2.20
2.21
2.22
2.22.1
2.23
2.24
2.25
2.26
2.26.1
2.3
2.4
2.5
2.6
2.7
2.8
2.9

3.*

3.0
3.1
3.1.1
3.1.2
3.10
3.2
3.2.1
3.2.2
3.3
3.4
3.5
3.6
3.7
3.8
3.8.1
3.8.2
3.9
3.9.1
3.9.2

4.*

4.0
4.0-rc1
4.0-rc2
4.0-rc3
4.0-rc4
4.0.1
4.1
4.1.1
4.10
4.11
4.11.1
4.11.2
4.12
4.13.1
4.14
4.15
4.15.1
4.16
4.16.1
4.16.2
4.17
4.18
4.19
4.2
4.20
4.21
4.22
4.23
4.24
4.25
4.26
4.26.1
4.27
4.27.1
4.28
4.29
4.3
4.3.1
4.30
4.31.1
4.32
4.33
4.34
4.34.1
4.34.2
4.35
4.36
4.36.1
4.37
4.37.1
4.38
4.4
4.5
4.6
4.7
4.8
4.9

Database specific

vanir_signatures

[
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "168737763824720600879208904081502951545",
                "302567068559763296819114101514944017815",
                "230869455070445968182594749778657341675",
                "283935422213370696407798878291984490947",
                "315665346146488759464290514101678114000",
                "199114374991634250325189251898026238432",
                "329395400188898088948366080947006100789"
            ]
        },
        "signature_type": "Line",
        "target": {
            "file": "src/main/java/com/nimbusds/jose/crypto/RSA1_5.java"
        },
        "deprecated": false,
        "source": "https://bitbucket.org/connect2id/nimbus-jose-jwt@0d2bd649ea386539220d4facfe1f65eb1dadb86c",
        "signature_version": "v1",
        "id": "CVE-2017-12972-011c9f1e"
    },
    {
        "digest": {
            "length": 73.0,
            "function_hash": "268383303490108261703502224559116684261"
        },
        "signature_type": "Function",
        "target": {
            "function": "size",
            "file": "src/main/java/com/nimbusds/jose/jwk/OctetSequenceKey.java"
        },
        "deprecated": false,
        "source": "https://bitbucket.org/connect2id/nimbus-jose-jwt@0d2bd649ea386539220d4facfe1f65eb1dadb86c",
        "signature_version": "v1",
        "id": "CVE-2017-12972-24209499"
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "237706141522443329892358720866463998438",
                "324010941776266364390120152883005911783",
                "243076908048097007417633745113335229211",
                "90092983308114395773940124960991546178",
                "298837952353261299150420403494590187018",
                "282360178354435980873742188674850035098",
                "70018380420855359861466606240521456096",
                "263259739511378256223257868817627381738",
                "294221454441061468944461007536954228932"
            ]
        },
        "signature_type": "Line",
        "target": {
            "file": "src/main/java/com/nimbusds/jose/crypto/AAD.java"
        },
        "deprecated": false,
        "source": "https://bitbucket.org/connect2id/nimbus-jose-jwt@0d2bd649ea386539220d4facfe1f65eb1dadb86c",
        "signature_version": "v1",
        "id": "CVE-2017-12972-2dea60f6"
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "307700605187138687526984698875500074150",
                "24969852970028678038490162687253090186",
                "179287720149843692598401002699231307295",
                "8611822431368367361956550746277118573",
                "139846294648089010547716477717108683346",
                "42428330065101331924202698488332969968",
                "61576523446879651083235913902398372676",
                "283543066535150811598091479227484072107",
                "332603698936186730139759600804147020953",
                "86723057084435517126927788261714495506",
                "33730488403011083972651898334373226912",
                "106429779004582307873726401793362390070"
            ]
        },
        "signature_type": "Line",
        "target": {
            "file": "src/test/java/com/nimbusds/jose/crypto/AADTest.java"
        },
        "deprecated": false,
        "source": "https://bitbucket.org/connect2id/nimbus-jose-jwt@0d2bd649ea386539220d4facfe1f65eb1dadb86c",
        "signature_version": "v1",
        "id": "CVE-2017-12972-3ad8ef96"
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "150896086058429499327501026347678103958",
                "127227738995467194781179690314379375695",
                "109334578001973239677475579002706154918",
                "336999666330873705279848479680841962450",
                "182380943961269966997496840307966289291",
                "72828264218771395126176260508692903621",
                "190569358059299257518815577580690324400"
            ]
        },
        "signature_type": "Line",
        "target": {
            "file": "src/main/java/com/nimbusds/jose/crypto/DirectEncrypter.java"
        },
        "deprecated": false,
        "source": "https://bitbucket.org/connect2id/nimbus-jose-jwt@0d2bd649ea386539220d4facfe1f65eb1dadb86c",
        "signature_version": "v1",
        "id": "CVE-2017-12972-5c14192b"
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "232888998697217806484311424362040604452",
                "79563156495832145290587017112322441021",
                "57946194883724050587184835140952264331",
                "237123529249827582402158178937164550961",
                "95024887126792259353084271672438692852",
                "154281180036102263906323916576001154449",
                "181608596495438708160370960987593189150",
                "202145710558911091547703732526024783225",
                "96273157581862057232781848170114863430",
                "183482483933182757021870555633110767476",
                "184555146199255596600264346691601187703",
                "182377197255264686783348993894973183374",
                "331917177960713445851749380386340760277"
            ]
        },
        "signature_type": "Line",
        "target": {
            "file": "src/main/java/com/nimbusds/jose/jwk/RSAKey.java"
        },
        "deprecated": false,
        "source": "https://bitbucket.org/connect2id/nimbus-jose-jwt@0d2bd649ea386539220d4facfe1f65eb1dadb86c",
        "signature_version": "v1",
        "id": "CVE-2017-12972-72fa0533"
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "268654735462253415356359022392147155873",
                "232888998697217806484311424362040604452",
                "79563156495832145290587017112322441021",
                "57946194883724050587184835140952264331",
                "237123529249827582402158178937164550961",
                "151689390433282551718270747285611477113",
                "335741726761475986209462109989453655687",
                "147675954362977689294816009667525421102",
                "30846833992337196048724994863608773527",
                "213706348147894701945892572411881840022",
                "299034758898565177812571422997448420951",
                "232147838900057129397269575162405640879",
                "135539528210154176132208467093808773800"
            ]
        },
        "signature_type": "Line",
        "target": {
            "file": "src/main/java/com/nimbusds/jose/jwk/OctetSequenceKey.java"
        },
        "deprecated": false,
        "source": "https://bitbucket.org/connect2id/nimbus-jose-jwt@0d2bd649ea386539220d4facfe1f65eb1dadb86c",
        "signature_version": "v1",
        "id": "CVE-2017-12972-804e0816"
    },
    {
        "digest": {
            "length": 73.0,
            "function_hash": "137372075645284302827252804517773606637"
        },
        "signature_type": "Function",
        "target": {
            "function": "size",
            "file": "src/main/java/com/nimbusds/jose/jwk/RSAKey.java"
        },
        "deprecated": false,
        "source": "https://bitbucket.org/connect2id/nimbus-jose-jwt@0d2bd649ea386539220d4facfe1f65eb1dadb86c",
        "signature_version": "v1",
        "id": "CVE-2017-12972-82725d3c"
    },
    {
        "digest": {
            "length": 115.0,
            "function_hash": "267913083107651721422318958924185504600"
        },
        "signature_type": "Function",
        "target": {
            "function": "testAADLengthComputation",
            "file": "src/test/java/com/nimbusds/jose/crypto/AESCBCTest.java"
        },
        "deprecated": false,
        "source": "https://bitbucket.org/connect2id/nimbus-jose-jwt@0d2bd649ea386539220d4facfe1f65eb1dadb86c",
        "signature_version": "v1",
        "id": "CVE-2017-12972-8a14cdd9"
    },
    {
        "digest": {
            "length": 284.0,
            "function_hash": "94467738440777304089185681095782348238"
        },
        "signature_type": "Function",
        "target": {
            "function": "checkCEKLength",
            "file": "src/main/java/com/nimbusds/jose/crypto/ContentCryptoProvider.java"
        },
        "deprecated": false,
        "source": "https://bitbucket.org/connect2id/nimbus-jose-jwt@0d2bd649ea386539220d4facfe1f65eb1dadb86c",
        "signature_version": "v1",
        "id": "CVE-2017-12972-ae576bd1"
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "84137067322283839825205822337526037356",
                "278313541754829900208913014945198541762",
                "40687950734415644437241196116501371385",
                "309755736367940573768786425536160193776",
                "328153018022980147790503304506065256713"
            ]
        },
        "signature_type": "Line",
        "target": {
            "file": "src/test/java/com/nimbusds/jose/util/ByteUtilsTest.java"
        },
        "deprecated": false,
        "source": "https://bitbucket.org/connect2id/nimbus-jose-jwt@0d2bd649ea386539220d4facfe1f65eb1dadb86c",
        "signature_version": "v1",
        "id": "CVE-2017-12972-b68ae730"
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "32383480734683772536912283883661482549",
                "216183336963785789442048893996803442691",
                "114014675732776626528332206495647595813",
                "335432703739897809560418464042010493720",
                "177774681975823394080592514139954930476",
                "16455260380068284860945001983399601244",
                "85456155979618242410953811571445311300",
                "168536106393098167052569216829529988157",
                "191605060509175831442191922384617015845"
            ]
        },
        "signature_type": "Line",
        "target": {
            "file": "src/main/java/com/nimbusds/jose/util/ByteUtils.java"
        },
        "deprecated": false,
        "source": "https://bitbucket.org/connect2id/nimbus-jose-jwt@0d2bd649ea386539220d4facfe1f65eb1dadb86c",
        "signature_version": "v1",
        "id": "CVE-2017-12972-b6e85c3f"
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "279302843528326554557395779506297631570",
                "68837334235864258222044474136335456340",
                "14262115020304873918660516344339697224",
                "320447986941090818350865767914465061256",
                "257738106142193723590480276808990837124",
                "147420188732514315990170903786702376838",
                "244474157375498520664360424264483525082",
                "19338943929966105697940344933697594977",
                "12598856043775227817307074258382927073",
                "192838745515398581135225500166610643490",
                "8411702802549003874773765885069598031"
            ]
        },
        "signature_type": "Line",
        "target": {
            "file": "src/test/java/com/nimbusds/jose/crypto/AESCBCTest.java"
        },
        "deprecated": false,
        "source": "https://bitbucket.org/connect2id/nimbus-jose-jwt@0d2bd649ea386539220d4facfe1f65eb1dadb86c",
        "signature_version": "v1",
        "id": "CVE-2017-12972-c2d6fbea"
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "95259769531966343370169011042469545778",
                "257133433690831533093581837775348808804",
                "107437025294458820614269312001728618560",
                "283582744454872804025211391269006162651",
                "246141335718094425881400271907242195317",
                "29152429034532573818640305328156727177",
                "11528336840115380978760453684157222839",
                "28029004616166714415717697844510934052",
                "45613031604441494655983829612457768411",
                "99648038163444886854229346973211594848",
                "65175936860579601752440798113899978688",
                "151003580201633903155967224232462771249",
                "5886689539007511441959001973513702650",
                "98628318771706111378454557187162171481"
            ]
        },
        "signature_type": "Line",
        "target": {
            "file": "src/main/java/com/nimbusds/jose/crypto/AESGCM.java"
        },
        "deprecated": false,
        "source": "https://bitbucket.org/connect2id/nimbus-jose-jwt@0d2bd649ea386539220d4facfe1f65eb1dadb86c",
        "signature_version": "v1",
        "id": "CVE-2017-12972-c935ca8c"
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "134176139255843890709851474652080540785",
                "118782986781672275840820227666649687813",
                "48256242829436966584423552467560703096",
                "37836057034549784497731361307909413673",
                "255407985008534538776295696780966296583",
                "46007123076665221255259311660713187660",
                "141069446923907567482496672188234344416",
                "4953700867941580088919641085798716583"
            ]
        },
        "signature_type": "Line",
        "target": {
            "file": "src/main/java/com/nimbusds/jose/crypto/AESGCMKW.java"
        },
        "deprecated": false,
        "source": "https://bitbucket.org/connect2id/nimbus-jose-jwt@0d2bd649ea386539220d4facfe1f65eb1dadb86c",
        "signature_version": "v1",
        "id": "CVE-2017-12972-cc91d1c5"
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "266893018196631136950273847994494902683",
                "191641946806963940745159115067211258624",
                "204796056270814204710025734827567361375",
                "174426886261901122973475139626211048955",
                "123452958859067139486843269833187153778",
                "174853788021889295719684031803472998576",
                "297142065400076201898476165046906206534"
            ]
        },
        "signature_type": "Line",
        "target": {
            "file": "src/main/java/com/nimbusds/jose/crypto/ConcatKDF.java"
        },
        "deprecated": false,
        "source": "https://bitbucket.org/connect2id/nimbus-jose-jwt@0d2bd649ea386539220d4facfe1f65eb1dadb86c",
        "signature_version": "v1",
        "id": "CVE-2017-12972-d47c50ca"
    },
    {
        "digest": {
            "length": 189.0,
            "function_hash": "100707433899611702456899907145320633374"
        },
        "signature_type": "Function",
        "target": {
            "function": "testComputeLength",
            "file": "src/test/java/com/nimbusds/jose/crypto/AADTest.java"
        },
        "deprecated": false,
        "source": "https://bitbucket.org/connect2id/nimbus-jose-jwt@0d2bd649ea386539220d4facfe1f65eb1dadb86c",
        "signature_version": "v1",
        "id": "CVE-2017-12972-d8d4b29b"
    },
    {
        "digest": {
            "length": 172.0,
            "function_hash": "228020516826701200730953980111888843899"
        },
        "signature_type": "Function",
        "target": {
            "function": "computeLength",
            "file": "src/main/java/com/nimbusds/jose/crypto/AAD.java"
        },
        "deprecated": false,
        "source": "https://bitbucket.org/connect2id/nimbus-jose-jwt@0d2bd649ea386539220d4facfe1f65eb1dadb86c",
        "signature_version": "v1",
        "id": "CVE-2017-12972-ded43979"
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "21078211937174734458409276243274658789",
                "9054285039619540650250959310326978414",
                "110790819663157139460163652315939708175",
                "318563159160044263657243974140529051330",
                "166623452206966797920479389368044042129",
                "66650317482681101803477134811190238077",
                "100703764894263545152527047161148048091",
                "195910674511004964607185451722007867276",
                "321084376093164699119978281208940155466",
                "20034503063849651181797521532235023068",
                "50591532102752121908100632827925341841",
                "206442105900636551799483067050019565663",
                "56139014125121889705006378212480633149",
                "41994352155316152330082366379179913796",
                "235895357285667647191150425397721687714",
                "20146359414023215387532113750223017983",
                "60593320749049224087091673334326713096",
                "47830335370856090526656187295043278372",
                "300337235259036803181669253853221169741",
                "238311798553611672698954646334488254059",
                "321031733456861818975867169638620113766",
                "71278082356427553430566389092756273047",
                "203722826027740314310702846623001881372",
                "178937064782926496451214249959364601087",
                "167322751413677435254802986151845803700",
                "155021759869974681348123774703751762208",
                "80067225297656631308390832034345759315",
                "312551636305492808249854060299306503683",
                "252823809645143649110428980317899620534",
                "149295184096783766341460884248699973350",
                "259146910671245054513012657843509219047",
                "62514117691234732922398646652092393319",
                "46483711304005348015602044559479327401",
                "111099870746539484772180212841322540767",
                "316998462883691420287048371661179770505",
                "220123158629717857665245215489471566311",
                "187788301802847784982489370104293444034",
                "325179086650008004040331266621952025355"
            ]
        },
        "signature_type": "Line",
        "target": {
            "file": "src/main/java/com/nimbusds/jose/crypto/AESEncrypter.java"
        },
        "deprecated": false,
        "source": "https://bitbucket.org/connect2id/nimbus-jose-jwt@0d2bd649ea386539220d4facfe1f65eb1dadb86c",
        "signature_version": "v1",
        "id": "CVE-2017-12972-e92a4703"
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "319815675751253864862173705361896348005",
                "253594595926899038914310697694472436084",
                "281806858831644348303557717058875824715",
                "287895574698526860124967684305276559685",
                "185575127317553460140722231693227824343",
                "122833615529194558579199571139619496822",
                "193473439597586093868069737916981839122",
                "292357082084983187564286185051924125907",
                "107253612107574492488894243735779009496"
            ]
        },
        "signature_type": "Line",
        "target": {
            "file": "src/main/java/com/nimbusds/jose/crypto/ContentCryptoProvider.java"
        },
        "deprecated": false,
        "source": "https://bitbucket.org/connect2id/nimbus-jose-jwt@0d2bd649ea386539220d4facfe1f65eb1dadb86c",
        "signature_version": "v1",
        "id": "CVE-2017-12972-ebf963b5"
    }
]