CVE-2017-12972
- Source
- https://cve.org/CVERecord?id=CVE-2017-12972
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-12972.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2017-12972
- Aliases
- Published
- 2017-08-20T16:29:00.237Z
- Modified
- 2026-03-15T14:25:05.117812Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
- Summary
- [none]
- Details
-
In Nimbus JOSE+JWT before 4.39, there is no integer-overflow check when converting length values from bytes to bits, which allows attackers to conduct HMAC bypass attacks by shifting Additional Authenticated Data (AAD) and ciphertext so that different plaintext is obtained for the same HMAC.
- References
-
- https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E
- https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/CHANGELOG.txt
- https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/0d2bd649ea386539220d4facfe1f65eb1dadb86c
- https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/224/byte-to-bit-overflow-in-cbc
Affected packages
Git / bitbucket.org/connect2id/nimbus-jose-jwt
Affected ranges
- Type
- GIT
- Repo
- https://bitbucket.org/connect2id/nimbus-jose-jwt
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedf46fe5204828a77b7a7c34977de9284e0da26085Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedc39fd533e1a2afb0dbf3a0a80cc7e133df3503cdIntroduced0 Unknown introduced commit / All previous commits are affectedLast affected16938e48a683842bb4a8cf81344a08c8d02af101Introduced0 Unknown introduced commit / All previous commits are affectedLast affected42096005870f2be0840d17af510d21b1f9d95648Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedbcb78841651aaac220a3c857309e0d02f393325aIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedd0f284444dc96e76b4d992f8da15c25c9f3fec6dIntroduced0 Unknown introduced commit / All previous commits are affectedLast affected64d6763c2b504d63d2ec7cccbfd86a3d8c36937fIntroduced0 Unknown introduced commit / All previous commits are affectedLast affected3707387db908239bee2f6c437e5796ab392eb532Introduced0 Unknown introduced commit / All previous commits are affectedLast affected8744df687643f441ca1235ca63be3fa622feba9aIntroduced0 Unknown introduced commit / All previous commits are affectedLast affecteda739a00e9de30d7e75467f53e1c21e99e89f5a41Introduced0 Unknown introduced commit / All previous commits are affectedLast affected46b6438a020b96e0d4551213fb499ebd8d6ec1c0Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedea357274a93e803015e4affffa564dec3fba4cdeIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedb0774608c16bff268b713ab471688ec98bcee078Introduced0 Unknown introduced commit / All previous commits are affectedLast affected99cc3fc18c1d4ef0091a715c846cc4f4d10ad88aIntroduced0 Unknown introduced commit / All previous commits are affectedLast affected8ff584e4f40101d673784c6d85fe6d9c369fc2e0Introduced0 Unknown introduced commit / All previous commits are affectedLast affected0ff01e2c9939c902905e388e88e5e561bda27cc7Introduced0 Unknown introduced commit / All previous commits are affectedLast affected89971de57e3521b1b65ea136f44453d6d71cc841Introduced0 Unknown introduced commit / All previous commits are affectedLast affected6b32baa2a3611472549f80af91a6e75787040fcbIntroduced0 Unknown introduced commit / All previous commits are affectedLast affected3f3cec6645e80faf09df40ac0132bf0b7ce156beIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedf3ad809ddf50b1442640f5cd2308eae803b566f4Introduced0 Unknown introduced commit / All previous commits are affectedLast affected8b9add2057f35df26556c8b8dd2434a216bf3a87Introduced0 Unknown introduced commit / All previous commits are affectedLast affected3c79413f21d429d47bb3f4cee22574e31a382204Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedecf4111cf11dcaa44430c45fc35a8149cfd90e82Introduced0 Unknown introduced commit / All previous commits are affectedLast affectede53958565dea00420769661ed94ca3e7133e8c04Introduced0 Unknown introduced commit / All previous commits are affectedLast affected17bf7e98cb6b13b3d11461d422a27381fc371fe9Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedee07c609f8aa625e48cb5a9455455125b929723aIntroduced0 Unknown introduced commit / All previous commits are affectedLast affected073aeaf2bcad47904eb49544ec147d680f3fe8a0Introduced0 Unknown introduced commit / All previous commits are affectedLast affected80a8ba9b533d3b6886ee01f53cc8c295b29683abIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedbfd51549672b45c4393d2a430f451df608220f39Introduced0 Unknown introduced commit / All previous commits are affectedLast affecteded2ded2e2735994daef84cf83fdd0af361a3ba4fIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedfcd1704e82f2bfeacd2914d4b5cb00475f57de2bIntroduced0 Unknown introduced commit / All previous commits are affectedLast affected5e704b9d55f52b89d33012391fae0ebbbf70673bIntroduced0 Unknown introduced commit / All previous commits are affectedLast affected6d864f89c7e74c28e5e6444bdf29fc51047f080cIntroduced0 Unknown introduced commit / All previous commits are affectedLast affected2ba1a1d09b25a7604eefc051edfea3961512d30aIntroduced0 Unknown introduced commit / All previous commits are affectedLast affected0c54cb1a4803fe78c1ea1c73b6ed5860fb62b43eIntroduced0 Unknown introduced commit / All previous commits are affectedLast affected9a2d296c9b794822df310d626855dfaf4797f14dIntroduced0 Unknown introduced commit / All previous commits are affectedLast affected1b532214deddd34239fe4d2ae06939d17dcef80eIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectede9aa051ded07a045f86ea551b98b6751d751fa72Introduced0 Unknown introduced commit / All previous commits are affectedLast affected4e862c3859d3e9e31722eff6d8155650b2e545f3Introduced0 Unknown introduced commit / All previous commits are affectedLast affected8783eab65f9c16fe7feed35c49b5e3a94fc3601aIntroduced0 Unknown introduced commit / All previous commits are affectedLast affected671e13555f637ea2c5b33187a23cac9dff9d87c7Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedb41f8774365bd6aacc69093c0ca648ebbbb7fdcaIntroduced0 Unknown introduced commit / All previous commits are affectedLast affected362f0c7a86b4397a10139b48774d12ab113d27a3Introduced0 Unknown introduced commit / All previous commits are affectedLast affected0fd8dfb7f0f722b279dad214cecb876ca5fca91cIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedab79d723cb62794a96aa542786e4c282f7bc4cfdIntroduced0 Unknown introduced commit / All previous commits are affectedLast affected73d2710e7c56472106a90982a2a135de761135f8Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedafb5226b9f8b3ed6fc8aca3494d1fd472eb36d1dIntroduced0 Unknown introduced commit / All previous commits are affectedLast affected295c5034658416df2312871bc0b0af1f4475f35fIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedac9ba30a377bcd1e040ee458bffabb17f5d85772Introduced0 Unknown introduced commit / All previous commits are affectedLast affected842cd224f595c1fb8f4db418ba66f6925ee6d70bIntroduced0 Unknown introduced commit / All previous commits are affectedLast affected0e91d9799a42dc5e6638a897e962414b31c25c86Introduced0 Unknown introduced commit / All previous commits are affectedLast affected90a838f74ff7856965673d93ae83befb9d80d1e9Introduced0 Unknown introduced commit / All previous commits are affectedLast affected9f3faa7e046846ab56d011f11c09dcf53e26decbIntroduced0 Unknown introduced commit / All previous commits are affectedLast affected991ecab39ee43dcfa5f5e91f2948d62c5cc01a91Introduced0 Unknown introduced commit / All previous commits are affectedLast affectede264ae0de8e66ff7614c3c364e81fb5bccd9ce45Introduced0 Unknown introduced commit / All previous commits are affectedLast affected544cff98876459ff03c324b2c56ab9e35791ae4cIntroduced0 Unknown introduced commit / All previous commits are affectedLast affected89fc3c25a4a1e65258b6a30691077cd92e49ec14Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedcd53f212222ccb998d8bf6d8d2b13a3b02a1c9bfIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedc0e3e41c12a3e4359c634f0cf267520c5e862117Introduced0 Unknown introduced commit / All previous commits are affectedLast affecteda527b228ad299b94ef13697d59d15261fdbfea01Introduced0 Unknown introduced commit / All previous commits are affectedLast affected8506d379b4575652b1b0870299aeffc3364927c3Introduced0 Unknown introduced commit / All previous commits are affectedLast affected83cf2551766628a8ad3718ff71bf2557aab2825aIntroduced0 Unknown introduced commit / All previous commits are affectedLast affected2fbdbdb2f35e21178ae60bbfe57224c8fa5e4b0eIntroduced0 Unknown introduced commit / All previous commits are affectedLast affected849830f9cfbda8c4a3025b2d77c5609bb8f24772Introduced0 Unknown introduced commit / All previous commits are affectedLast affected31822f1a9992909548360eddff96032c6c4fc7a0Introduced0 Unknown introduced commit / All previous commits are affectedLast affecteddb580fd45d2c19b315a3fc3ccaabcd7442568bc5Introduced0 Unknown introduced commit / All previous commits are affectedLast affected6d22bc70ae407d4d0e7983e741111e8988b429a4Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedd455801bc959b66240d265472f3bf768c2fffbf8Introduced0 Unknown introduced commit / All previous commits are affectedLast affectede065e6a13e7bdd3797f20750f0d25e38e0eb2d8eIntroduced0 Unknown introduced commit / All previous commits are affectedLast affected492cd4bc6a2068e601971332966d3e6b0aef3656Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedc3020ab6b3b5329492d4ca28818595a8070e8ccdIntroduced0 Unknown introduced commit / All previous commits are affectedLast affected4b57f15e1dfa5d8c3d94500d46e1c09c78d94965Introduced0 Unknown introduced commit / All previous commits are affectedLast affected0c03dfef56d0d748c8121a89f54efdc7754882eaIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedf4ad6a5e0529cdcff2757d2b55cd89fe82b307a5Introduced0 Unknown introduced commit / All previous commits are affectedLast affected5bc8ad03cd121d8fd502a5c82383410ddd8dfca8Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedebb9336616bdb51ac8d464d57a9d41ce3ecc7f5aIntroduced0 Unknown introduced commit / All previous commits are affectedLast affecteda67eb00fd3b6cda5d74bace244b579a53c5000feIntroduced0 Unknown introduced commit / All previous commits are affectedLast affected7214a423200134cdc4aee7a70dd0b0e33bd7e675Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedc869160f4fccd63fa6442b26a478ae7aca17e763Introduced0 Unknown introduced commit / All previous commits are affectedLast affected0f9af30697a8c706358a9e46f45cbbdcb081c995Introduced0 Unknown introduced commit / All previous commits are affectedLast affected3810eb0a96565e7768cd54bf734dfea373ecc561Introduced0 Unknown introduced commit / All previous commits are affectedLast affected106881b20a2969dc0dcc55a742a78b049cf4b5f3Introduced0 Unknown introduced commit / All previous commits are affectedLast affected1e4f0d2f4ed50186548ca32b502243cb5508d264Introduced0 Unknown introduced commit / All previous commits are affectedLast affectede7b8d6657370994005e27e58025eb90e8a6b098fIntroduced0 Unknown introduced commit / All previous commits are affectedLast affecteda86e92a106173a2b012a1ded20fc69f4971afdf1Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedf03742e505a739acf6261afaeee8b19a27e1c6f1Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedfd21bb3bb4454a56ed672c0ffafb5fa0c55d43b8Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedf0a173620065f366778630ee039aa2a1a76c3f4dIntroduced0 Unknown introduced commit / All previous commits are affectedLast affected7928a228f94161f152a3a955b8f471324b0511f3Introduced0 Unknown introduced commit / All previous commits are affectedLast affecteda90c7f219778f2a70957d6d86af54425a1a157c5Introduced0 Unknown introduced commit / All previous commits are affectedLast affected87d0c1d6b653a365cd3c6ffee03d5d5fcd30e70dIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedbf723cd790e03cb23b0f4d0a7315d3458ebc42ebIntroduced0 Unknown introduced commit / All previous commits are affectedLast affected3589f86cbea7ab2f2c9f0b4fe644c7a860bd86f4Introduced0 Unknown introduced commit / All previous commits are affectedLast affected9cae02ca2b5735559fdebfdca945053cd7c10a70Introduced0 Unknown introduced commit / All previous commits are affectedLast affected66f8d476bb1b705544767069b939171baac3482eIntroduced0 Unknown introduced commit / All previous commits are affectedLast affected80db8e6cdaaddce71fb78d17d2cb08707006acd0Introduced0 Unknown introduced commit / All previous commits are affectedLast affected1912aef94251e54a45b8f28b86c75fbe7fa6c860Introduced0 Unknown introduced commit / All previous commits are affectedLast affected70414de2c00a0628dae538654d9094122014f2e7Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedee2317efcec38d03517e6e95be84b038ffd7a526Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedebf1347b70056b25b6e135c2996c3ce6a154a0a1Introduced0 Unknown introduced commit / All previous commits are affectedLast affected009022104cae4f5cb28b919b6828d95ae883c669Introduced0 Unknown introduced commit / All previous commits are affectedLast affected74c82682fd98d6f2dffd51395cdeadffc4a220e4Introduced0 Unknown introduced commit / All previous commits are affectedLast affected74c82682fd98d6f2dffd51395cdeadffc4a220e4Introduced0 Unknown introduced commit / All previous commits are affectedLast affected53eb866d2ef01ccc36e6ef891765244eaae18857Introduced0 Unknown introduced commit / All previous commits are affectedLast affected1baeb60744db3802777ddb7893392f0da6a57967Introduced0 Unknown introduced commit / All previous commits are affectedLast affected8b65b0da5f0e4f0999b88fa797f103e44f9d88a2Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedc17067f1b75dbd6d112c4462daedbec19b948ea7Introduced0 Unknown introduced commit / All previous commits are affectedLast affecteddb122fb5d1833922c78c0e7028827435de00b964Introduced0 Unknown introduced commit / All previous commits are affectedLast affecteda33e4cda470bdd8d33d7074d4ed5ab721297e514Introduced0 Unknown introduced commit / All previous commits are affectedLast affected2097539c2fbb25e1ecbdd133dcf5e37fd78ade47Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedb5f4e693e8ca8a96b0e1e8e5059467a96bb0eabaIntroduced0 Unknown introduced commit / All previous commits are affectedLast affected45fdecef2e282567764e44311b50bbc86ff6924fIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedfb7850e081d2f04b889dec3e1d18f5bbc45c7f23Fixed0d2bd649ea386539220d4facfe1f65eb1dadb86c
- Database specific
{ "versions": [ { "introduced": "0" }, { "last_affected": "2.0" }, { "introduced": "0" }, { "last_affected": "2.0.1" }, { "introduced": "0" }, { "last_affected": "2.1" }, { "introduced": "0" }, { "last_affected": "2.1.1" }, { "introduced": "0" }, { "last_affected": "2.2" }, { "introduced": "0" }, { "last_affected": "2.3" }, { "introduced": "0" }, { "last_affected": "2.4" }, { "introduced": "0" }, { "last_affected": "2.5" }, { "introduced": "0" }, { "last_affected": "2.6" }, { "introduced": "0" }, { "last_affected": "2.7" }, { "introduced": "0" }, { "last_affected": "2.8" }, { "introduced": "0" }, { "last_affected": "2.9" }, { "introduced": "0" }, { "last_affected": "2.10" }, { "introduced": "0" }, { "last_affected": "2.10.1" }, { "introduced": "0" }, { "last_affected": "2.11.0" }, { "introduced": "0" }, { "last_affected": "2.12.0" }, { "introduced": "0" }, { "last_affected": "2.13.0" }, { "introduced": "0" }, { "last_affected": "2.13.1" }, { "introduced": "0" }, { "last_affected": "2.14" }, { "introduced": "0" }, { "last_affected": "2.15" }, { "introduced": "0" }, { "last_affected": "2.15.1" }, { "introduced": "0" }, { "last_affected": "2.15.2" }, { "introduced": "0" }, { "last_affected": "2.16" }, { "introduced": "0" }, { "last_affected": "2.17" }, { "introduced": "0" }, { "last_affected": "2.17.1" }, { "introduced": "0" }, { "last_affected": "2.17.2" }, { "introduced": "0" }, { "last_affected": "2.18" }, { "introduced": "0" }, { "last_affected": "2.18.1" }, { "introduced": "0" }, { "last_affected": "2.18.2" }, { "introduced": "0" }, { "last_affected": "2.19" }, { "introduced": "0" }, { "last_affected": "2.19.1" }, { "introduced": "0" }, { "last_affected": "2.20" }, { "introduced": "0" }, { "last_affected": "2.21" }, { "introduced": "0" }, { "last_affected": "2.22" }, { "introduced": "0" }, { "last_affected": "2.22.1" }, { "introduced": "0" }, { "last_affected": "2.23" }, { "introduced": "0" }, { "last_affected": "2.24" }, { "introduced": "0" }, { "last_affected": "2.25" }, { "introduced": "0" }, { "last_affected": "2.26" }, { "introduced": "0" }, { "last_affected": "2.26.1" }, { "introduced": "0" }, { "last_affected": "3.0" }, { "introduced": "0" }, { "last_affected": "3.1" }, { "introduced": "0" }, { "last_affected": "3.1.1" }, { "introduced": "0" }, { "last_affected": "3.1.2" }, { "introduced": "0" }, { "last_affected": "3.2" }, { "introduced": "0" }, { "last_affected": "3.2.1" }, { "introduced": "0" }, { "last_affected": "3.2.2" }, { "introduced": "0" }, { "last_affected": "3.3" }, { "introduced": "0" }, { "last_affected": "3.4" }, { "introduced": "0" }, { "last_affected": "3.5" }, { "introduced": "0" }, { "last_affected": "3.6" }, { "introduced": "0" }, { "last_affected": "3.7" }, { "introduced": "0" }, { "last_affected": "3.8" }, { "introduced": "0" }, { "last_affected": "3.8.1" }, { "introduced": "0" }, { "last_affected": "3.8.2" }, { "introduced": "0" }, { "last_affected": "3.9" }, { "introduced": "0" }, { "last_affected": "3.9.1" }, { "introduced": "0" }, { "last_affected": "3.9.2" }, { "introduced": "0" }, { "last_affected": "3.10" }, { "introduced": "0" }, { "last_affected": "4.0" }, { "introduced": "0" }, { "last_affected": "4.0.1" }, { "introduced": "0" }, { "last_affected": "4.1" }, { "introduced": "0" }, { "last_affected": "4.1.1" }, { "introduced": "0" }, { "last_affected": "4.2" }, { "introduced": "0" }, { "last_affected": "4.3" }, { "introduced": "0" }, { "last_affected": "4.3.1" }, { "introduced": "0" }, { "last_affected": "4.4" }, { "introduced": "0" }, { "last_affected": "4.5" }, { "introduced": "0" }, { "last_affected": "4.6" }, { "introduced": "0" }, { "last_affected": "4.7" }, { "introduced": "0" }, { "last_affected": "4.8" }, { "introduced": "0" }, { "last_affected": "4.9" }, { "introduced": "0" }, { "last_affected": "4.10" }, { "introduced": "0" }, { "last_affected": "4.11" }, { "introduced": "0" }, { "last_affected": "4.11.1" }, { "introduced": "0" }, { "last_affected": "4.11.2" }, { "introduced": "0" }, { "last_affected": "4.12" }, { "introduced": "0" }, { "last_affected": "4.13" }, { "introduced": "0" }, { "last_affected": "4.13.1" }, { "introduced": "0" }, { "last_affected": "4.14" }, { "introduced": "0" }, { "last_affected": "4.15" }, { "introduced": "0" }, { "last_affected": "4.15.1" }, { "introduced": "0" }, { "last_affected": "4.16" }, { "introduced": "0" }, { "last_affected": "4.16.1" }, { "introduced": "0" }, { "last_affected": "4.16.2" }, { "introduced": "0" }, { "last_affected": "4.17" }, { "introduced": "0" }, { "last_affected": "4.18" }, { "introduced": "0" }, { "last_affected": "4.19" }, { "introduced": "0" }, { "last_affected": "4.20" }, { "introduced": "0" }, { "last_affected": "4.21" }, { "introduced": "0" }, { "last_affected": "4.22" }, { "introduced": "0" }, { "last_affected": "4.23" }, { "introduced": "0" }, { "last_affected": "4.24" }, { "introduced": "0" }, { "last_affected": "4.25" }, { "introduced": "0" }, { "last_affected": "4.26" }, { "introduced": "0" }, { "last_affected": "4.26.1" }, { "introduced": "0" }, { "last_affected": "4.27" }, { "introduced": "0" }, { "last_affected": "4.27.1" }, { "introduced": "0" }, { "last_affected": "4.28" }, { "introduced": "0" }, { "last_affected": "4.29" }, { "introduced": "0" }, { "last_affected": "4.30" }, { "introduced": "0" }, { "last_affected": "4.31" }, { "introduced": "0" }, { "last_affected": "4.31.1" }, { "introduced": "0" }, { "last_affected": "4.32" }, { "introduced": "0" }, { "last_affected": "4.33" }, { "introduced": "0" }, { "last_affected": "4.34" }, { "introduced": "0" }, { "last_affected": "4.34.1" }, { "introduced": "0" }, { "last_affected": "4.34.2" }, { "introduced": "0" }, { "last_affected": "4.35" }, { "introduced": "0" }, { "last_affected": "4.36.1" }, { "introduced": "0" }, { "last_affected": "4.37" }, { "introduced": "0" }, { "last_affected": "4.37.1" }, { "introduced": "0" }, { "last_affected": "4.38" } ] }
Affected versions
2.*
2.0
2.0.1
2.1
2.1.1
2.10
2.10.1
2.11.0
2.12.0
2.13.0
2.13.1
2.14.0
2.15.0
2.15.1
2.15.2
2.16
2.17
2.17.1
2.17.2
2.18
2.18.1
2.18.2
2.19
2.19.1
2.2
2.20
2.21
2.22
2.22.1
2.23
2.24
2.25
2.26
2.26.1
2.3
2.4
2.5
2.6
2.7
2.8
2.9
3.*
3.0
3.1
3.1.1
3.1.2
3.10
3.2
3.2.1
3.2.2
3.3
3.4
3.5
3.6
3.7
3.8
3.8.1
3.8.2
3.9
3.9.1
3.9.2
4.*
4.0
4.0-rc1
4.0-rc2
4.0-rc3
4.0-rc4
4.0.1
4.1
4.1.1
4.10
4.11
4.11.1
4.11.2
4.12
4.13.1
4.14
4.15
4.15.1
4.16
4.16.1
4.16.2
4.17
4.18
4.19
4.2
4.20
4.21
4.22
4.23
4.24
4.25
4.26
4.26.1
4.27
4.27.1
4.28
4.29
4.3
4.3.1
4.30
4.31.1
4.32
4.33
4.34
4.34.1
4.34.2
4.35
4.36
4.36.1
4.37
4.37.1
4.38
4.4
4.5
4.6
4.7
4.8
4.9
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-12972.json"
unresolved_ranges
[
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.2"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.3"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.4"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.5"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.6"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.7"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.8"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.9"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.9.1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.10"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.11"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.12"
}
]
}
]
vanir_signatures
[
{
"deprecated": false,
"signature_type": "Line",
"signature_version": "v1",
"digest": {
"line_hashes": [
"168737763824720600879208904081502951545",
"302567068559763296819114101514944017815",
"230869455070445968182594749778657341675",
"283935422213370696407798878291984490947",
"315665346146488759464290514101678114000",
"199114374991634250325189251898026238432",
"329395400188898088948366080947006100789"
],
"threshold": 0.9
},
"source": "https://bitbucket.org/connect2id/nimbus-jose-jwt@0d2bd649ea386539220d4facfe1f65eb1dadb86c",
"id": "CVE-2017-12972-011c9f1e",
"target": {
"file": "src/main/java/com/nimbusds/jose/crypto/RSA1_5.java"
}
},
{
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1",
"digest": {
"function_hash": "268383303490108261703502224559116684261",
"length": 73.0
},
"source": "https://bitbucket.org/connect2id/nimbus-jose-jwt@0d2bd649ea386539220d4facfe1f65eb1dadb86c",
"id": "CVE-2017-12972-24209499",
"target": {
"file": "src/main/java/com/nimbusds/jose/jwk/OctetSequenceKey.java",
"function": "size"
}
},
{
"deprecated": false,
"signature_type": "Line",
"signature_version": "v1",
"digest": {
"line_hashes": [
"237706141522443329892358720866463998438",
"324010941776266364390120152883005911783",
"243076908048097007417633745113335229211",
"90092983308114395773940124960991546178",
"298837952353261299150420403494590187018",
"282360178354435980873742188674850035098",
"70018380420855359861466606240521456096",
"263259739511378256223257868817627381738",
"294221454441061468944461007536954228932"
],
"threshold": 0.9
},
"source": "https://bitbucket.org/connect2id/nimbus-jose-jwt@0d2bd649ea386539220d4facfe1f65eb1dadb86c",
"id": "CVE-2017-12972-2dea60f6",
"target": {
"file": "src/main/java/com/nimbusds/jose/crypto/AAD.java"
}
},
{
"deprecated": false,
"signature_type": "Line",
"signature_version": "v1",
"digest": {
"line_hashes": [
"307700605187138687526984698875500074150",
"24969852970028678038490162687253090186",
"179287720149843692598401002699231307295",
"8611822431368367361956550746277118573",
"139846294648089010547716477717108683346",
"42428330065101331924202698488332969968",
"61576523446879651083235913902398372676",
"283543066535150811598091479227484072107",
"332603698936186730139759600804147020953",
"86723057084435517126927788261714495506",
"33730488403011083972651898334373226912",
"106429779004582307873726401793362390070"
],
"threshold": 0.9
},
"source": "https://bitbucket.org/connect2id/nimbus-jose-jwt@0d2bd649ea386539220d4facfe1f65eb1dadb86c",
"id": "CVE-2017-12972-3ad8ef96",
"target": {
"file": "src/test/java/com/nimbusds/jose/crypto/AADTest.java"
}
},
{
"deprecated": false,
"signature_type": "Line",
"signature_version": "v1",
"digest": {
"line_hashes": [
"150896086058429499327501026347678103958",
"127227738995467194781179690314379375695",
"109334578001973239677475579002706154918",
"336999666330873705279848479680841962450",
"182380943961269966997496840307966289291",
"72828264218771395126176260508692903621",
"190569358059299257518815577580690324400"
],
"threshold": 0.9
},
"source": "https://bitbucket.org/connect2id/nimbus-jose-jwt@0d2bd649ea386539220d4facfe1f65eb1dadb86c",
"id": "CVE-2017-12972-5c14192b",
"target": {
"file": "src/main/java/com/nimbusds/jose/crypto/DirectEncrypter.java"
}
},
{
"deprecated": false,
"signature_type": "Line",
"signature_version": "v1",
"digest": {
"line_hashes": [
"232888998697217806484311424362040604452",
"79563156495832145290587017112322441021",
"57946194883724050587184835140952264331",
"237123529249827582402158178937164550961",
"95024887126792259353084271672438692852",
"154281180036102263906323916576001154449",
"181608596495438708160370960987593189150",
"202145710558911091547703732526024783225",
"96273157581862057232781848170114863430",
"183482483933182757021870555633110767476",
"184555146199255596600264346691601187703",
"182377197255264686783348993894973183374",
"331917177960713445851749380386340760277"
],
"threshold": 0.9
},
"source": "https://bitbucket.org/connect2id/nimbus-jose-jwt@0d2bd649ea386539220d4facfe1f65eb1dadb86c",
"id": "CVE-2017-12972-72fa0533",
"target": {
"file": "src/main/java/com/nimbusds/jose/jwk/RSAKey.java"
}
},
{
"deprecated": false,
"signature_type": "Line",
"signature_version": "v1",
"digest": {
"line_hashes": [
"268654735462253415356359022392147155873",
"232888998697217806484311424362040604452",
"79563156495832145290587017112322441021",
"57946194883724050587184835140952264331",
"237123529249827582402158178937164550961",
"151689390433282551718270747285611477113",
"335741726761475986209462109989453655687",
"147675954362977689294816009667525421102",
"30846833992337196048724994863608773527",
"213706348147894701945892572411881840022",
"299034758898565177812571422997448420951",
"232147838900057129397269575162405640879",
"135539528210154176132208467093808773800"
],
"threshold": 0.9
},
"source": "https://bitbucket.org/connect2id/nimbus-jose-jwt@0d2bd649ea386539220d4facfe1f65eb1dadb86c",
"id": "CVE-2017-12972-804e0816",
"target": {
"file": "src/main/java/com/nimbusds/jose/jwk/OctetSequenceKey.java"
}
},
{
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1",
"digest": {
"function_hash": "137372075645284302827252804517773606637",
"length": 73.0
},
"source": "https://bitbucket.org/connect2id/nimbus-jose-jwt@0d2bd649ea386539220d4facfe1f65eb1dadb86c",
"id": "CVE-2017-12972-82725d3c",
"target": {
"file": "src/main/java/com/nimbusds/jose/jwk/RSAKey.java",
"function": "size"
}
},
{
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1",
"digest": {
"function_hash": "267913083107651721422318958924185504600",
"length": 115.0
},
"source": "https://bitbucket.org/connect2id/nimbus-jose-jwt@0d2bd649ea386539220d4facfe1f65eb1dadb86c",
"id": "CVE-2017-12972-8a14cdd9",
"target": {
"file": "src/test/java/com/nimbusds/jose/crypto/AESCBCTest.java",
"function": "testAADLengthComputation"
}
},
{
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1",
"digest": {
"function_hash": "94467738440777304089185681095782348238",
"length": 284.0
},
"source": "https://bitbucket.org/connect2id/nimbus-jose-jwt@0d2bd649ea386539220d4facfe1f65eb1dadb86c",
"id": "CVE-2017-12972-ae576bd1",
"target": {
"file": "src/main/java/com/nimbusds/jose/crypto/ContentCryptoProvider.java",
"function": "checkCEKLength"
}
},
{
"deprecated": false,
"signature_type": "Line",
"signature_version": "v1",
"digest": {
"line_hashes": [
"84137067322283839825205822337526037356",
"278313541754829900208913014945198541762",
"40687950734415644437241196116501371385",
"309755736367940573768786425536160193776",
"328153018022980147790503304506065256713"
],
"threshold": 0.9
},
"source": "https://bitbucket.org/connect2id/nimbus-jose-jwt@0d2bd649ea386539220d4facfe1f65eb1dadb86c",
"id": "CVE-2017-12972-b68ae730",
"target": {
"file": "src/test/java/com/nimbusds/jose/util/ByteUtilsTest.java"
}
},
{
"deprecated": false,
"signature_type": "Line",
"signature_version": "v1",
"digest": {
"line_hashes": [
"32383480734683772536912283883661482549",
"216183336963785789442048893996803442691",
"114014675732776626528332206495647595813",
"335432703739897809560418464042010493720",
"177774681975823394080592514139954930476",
"16455260380068284860945001983399601244",
"85456155979618242410953811571445311300",
"168536106393098167052569216829529988157",
"191605060509175831442191922384617015845"
],
"threshold": 0.9
},
"source": "https://bitbucket.org/connect2id/nimbus-jose-jwt@0d2bd649ea386539220d4facfe1f65eb1dadb86c",
"id": "CVE-2017-12972-b6e85c3f",
"target": {
"file": "src/main/java/com/nimbusds/jose/util/ByteUtils.java"
}
},
{
"deprecated": false,
"signature_type": "Line",
"signature_version": "v1",
"digest": {
"line_hashes": [
"279302843528326554557395779506297631570",
"68837334235864258222044474136335456340",
"14262115020304873918660516344339697224",
"320447986941090818350865767914465061256",
"257738106142193723590480276808990837124",
"147420188732514315990170903786702376838",
"244474157375498520664360424264483525082",
"19338943929966105697940344933697594977",
"12598856043775227817307074258382927073",
"192838745515398581135225500166610643490",
"8411702802549003874773765885069598031"
],
"threshold": 0.9
},
"source": "https://bitbucket.org/connect2id/nimbus-jose-jwt@0d2bd649ea386539220d4facfe1f65eb1dadb86c",
"id": "CVE-2017-12972-c2d6fbea",
"target": {
"file": "src/test/java/com/nimbusds/jose/crypto/AESCBCTest.java"
}
},
{
"deprecated": false,
"signature_type": "Line",
"signature_version": "v1",
"digest": {
"line_hashes": [
"95259769531966343370169011042469545778",
"257133433690831533093581837775348808804",
"107437025294458820614269312001728618560",
"283582744454872804025211391269006162651",
"246141335718094425881400271907242195317",
"29152429034532573818640305328156727177",
"11528336840115380978760453684157222839",
"28029004616166714415717697844510934052",
"45613031604441494655983829612457768411",
"99648038163444886854229346973211594848",
"65175936860579601752440798113899978688",
"151003580201633903155967224232462771249",
"5886689539007511441959001973513702650",
"98628318771706111378454557187162171481"
],
"threshold": 0.9
},
"source": "https://bitbucket.org/connect2id/nimbus-jose-jwt@0d2bd649ea386539220d4facfe1f65eb1dadb86c",
"id": "CVE-2017-12972-c935ca8c",
"target": {
"file": "src/main/java/com/nimbusds/jose/crypto/AESGCM.java"
}
},
{
"deprecated": false,
"signature_type": "Line",
"signature_version": "v1",
"digest": {
"line_hashes": [
"134176139255843890709851474652080540785",
"118782986781672275840820227666649687813",
"48256242829436966584423552467560703096",
"37836057034549784497731361307909413673",
"255407985008534538776295696780966296583",
"46007123076665221255259311660713187660",
"141069446923907567482496672188234344416",
"4953700867941580088919641085798716583"
],
"threshold": 0.9
},
"source": "https://bitbucket.org/connect2id/nimbus-jose-jwt@0d2bd649ea386539220d4facfe1f65eb1dadb86c",
"id": "CVE-2017-12972-cc91d1c5",
"target": {
"file": "src/main/java/com/nimbusds/jose/crypto/AESGCMKW.java"
}
},
{
"deprecated": false,
"signature_type": "Line",
"signature_version": "v1",
"digest": {
"line_hashes": [
"266893018196631136950273847994494902683",
"191641946806963940745159115067211258624",
"204796056270814204710025734827567361375",
"174426886261901122973475139626211048955",
"123452958859067139486843269833187153778",
"174853788021889295719684031803472998576",
"297142065400076201898476165046906206534"
],
"threshold": 0.9
},
"source": "https://bitbucket.org/connect2id/nimbus-jose-jwt@0d2bd649ea386539220d4facfe1f65eb1dadb86c",
"id": "CVE-2017-12972-d47c50ca",
"target": {
"file": "src/main/java/com/nimbusds/jose/crypto/ConcatKDF.java"
}
},
{
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1",
"digest": {
"function_hash": "100707433899611702456899907145320633374",
"length": 189.0
},
"source": "https://bitbucket.org/connect2id/nimbus-jose-jwt@0d2bd649ea386539220d4facfe1f65eb1dadb86c",
"id": "CVE-2017-12972-d8d4b29b",
"target": {
"file": "src/test/java/com/nimbusds/jose/crypto/AADTest.java",
"function": "testComputeLength"
}
},
{
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1",
"digest": {
"function_hash": "228020516826701200730953980111888843899",
"length": 172.0
},
"source": "https://bitbucket.org/connect2id/nimbus-jose-jwt@0d2bd649ea386539220d4facfe1f65eb1dadb86c",
"id": "CVE-2017-12972-ded43979",
"target": {
"file": "src/main/java/com/nimbusds/jose/crypto/AAD.java",
"function": "computeLength"
}
},
{
"deprecated": false,
"signature_type": "Line",
"signature_version": "v1",
"digest": {
"line_hashes": [
"21078211937174734458409276243274658789",
"9054285039619540650250959310326978414",
"110790819663157139460163652315939708175",
"318563159160044263657243974140529051330",
"166623452206966797920479389368044042129",
"66650317482681101803477134811190238077",
"100703764894263545152527047161148048091",
"195910674511004964607185451722007867276",
"321084376093164699119978281208940155466",
"20034503063849651181797521532235023068",
"50591532102752121908100632827925341841",
"206442105900636551799483067050019565663",
"56139014125121889705006378212480633149",
"41994352155316152330082366379179913796",
"235895357285667647191150425397721687714",
"20146359414023215387532113750223017983",
"60593320749049224087091673334326713096",
"47830335370856090526656187295043278372",
"300337235259036803181669253853221169741",
"238311798553611672698954646334488254059",
"321031733456861818975867169638620113766",
"71278082356427553430566389092756273047",
"203722826027740314310702846623001881372",
"178937064782926496451214249959364601087",
"167322751413677435254802986151845803700",
"155021759869974681348123774703751762208",
"80067225297656631308390832034345759315",
"312551636305492808249854060299306503683",
"252823809645143649110428980317899620534",
"149295184096783766341460884248699973350",
"259146910671245054513012657843509219047",
"62514117691234732922398646652092393319",
"46483711304005348015602044559479327401",
"111099870746539484772180212841322540767",
"316998462883691420287048371661179770505",
"220123158629717857665245215489471566311",
"187788301802847784982489370104293444034",
"325179086650008004040331266621952025355"
],
"threshold": 0.9
},
"source": "https://bitbucket.org/connect2id/nimbus-jose-jwt@0d2bd649ea386539220d4facfe1f65eb1dadb86c",
"id": "CVE-2017-12972-e92a4703",
"target": {
"file": "src/main/java/com/nimbusds/jose/crypto/AESEncrypter.java"
}
},
{
"deprecated": false,
"signature_type": "Line",
"signature_version": "v1",
"digest": {
"line_hashes": [
"319815675751253864862173705361896348005",
"253594595926899038914310697694472436084",
"281806858831644348303557717058875824715",
"287895574698526860124967684305276559685",
"185575127317553460140722231693227824343",
"122833615529194558579199571139619496822",
"193473439597586093868069737916981839122",
"292357082084983187564286185051924125907",
"107253612107574492488894243735779009496"
],
"threshold": 0.9
},
"source": "https://bitbucket.org/connect2id/nimbus-jose-jwt@0d2bd649ea386539220d4facfe1f65eb1dadb86c",
"id": "CVE-2017-12972-ebf963b5",
"target": {
"file": "src/main/java/com/nimbusds/jose/crypto/ContentCryptoProvider.java"
}
}
]