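Nimbus JOSE+JWT before 4.39 continues processing after detecting an invalid HMAC in authenticated AES-CBC decryption instead of rejecting the input at that point, which allows attackers to conduct a padding oracle attack. Because CBC decryption still runs on ciphertext that has already failed authentication, a padding failure can become distinguishable from a MAC failure; the signatures below match the affected code in AESCBC.java (decryptAuthenticated, decryptWithConcatKDF).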
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "36435077182769648824144539200763482764", "221225405666008085863157926433643063529", "248275944443145673308968769694312607101", "320447986941090818350865767914465061256", "257738106142193723590480276808990837124", "190253527059679348300378316158431539755", "15674162120766882722956143379512560123" ] }, "id": "CVE-2017-12973-83ba7880", "source": "https://bitbucket.org/connect2id/nimbus-jose-jwt@6a29f10f723f406eb25555f55842c59a43a38912", "signature_version": "v1", "signature_type": "Line", "target": { "file": "src/test/java/com/nimbusds/jose/crypto/AESCBCTest.java" }, "deprecated": false }, { "digest": { "function_hash": "30873108536757750440668463301508600213", "length": 831.0 }, "id": "CVE-2017-12973-8fddb8aa", "source": "https://bitbucket.org/connect2id/nimbus-jose-jwt@6a29f10f723f406eb25555f55842c59a43a38912", "signature_version": "v1", "signature_type": "Function", "target": { "file": "src/main/java/com/nimbusds/jose/crypto/AESCBC.java", "function": "decryptAuthenticated" }, "deprecated": false }, { "digest": { "function_hash": "236213427891800737982253186864940241476", "length": 1109.0 }, "id": "CVE-2017-12973-bc84ece8", "source": "https://bitbucket.org/connect2id/nimbus-jose-jwt@6a29f10f723f406eb25555f55842c59a43a38912", "signature_version": "v1", "signature_type": "Function", "target": { "file": "src/main/java/com/nimbusds/jose/crypto/AESCBC.java", "function": "decryptWithConcatKDF" }, "deprecated": false }, { "digest": { "threshold": 0.9, "line_hashes": [ "35018700141178900754895011799387586413", "23210894372056268032297871442564513847", "102375337653080225852646387558193098844", "143802061001915409894760621002970574355", "186448877813480750470093697857407943500", "156186524451473883298028680057499734344", "314799720785399631741077152447637097045", "332890821269199314396999039272601680450", "115380475547764836096130112939018077308", "112515943459359502487605947776116967647", 
"172612522757869334105109761993727279884", "142039361351170592512047791599796892391", "95946088047134294800092685466486312825", "60152373669270615370440034498579187985", "280492070757543771453027851327819029791", "221403414440494563007614824018889324485", "1894466923688934958026594011629943405", "59741151086996169066197142383462513440", "233078262287712076948859519221598030403", "30861009376071704210913003331615204446", "332947917171967944776808918114577282512", "18136453160694785944270925616851898192", "40475491843953653643162699661677929363", "151246875674351598710595633477384636928", "322974018495388437913836007418169443313", "76069166384751547997871421196598149788", "44437097317994459278761123799175645327", "277190829670493988396513370163311149761", "94546924572782216804672716981269134975", "82318690769468239319429518385763591879" ] }, "id": "CVE-2017-12973-f4fd57ce", "source": "https://bitbucket.org/connect2id/nimbus-jose-jwt@6a29f10f723f406eb25555f55842c59a43a38912", "signature_version": "v1", "signature_type": "Line", "target": { "file": "src/main/java/com/nimbusds/jose/crypto/AESCBC.java" }, "deprecated": false } ] }