1. Home
  2. CVEs with refmap.confirm==https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/224/byte-to-bit-overflow-in-cbc
Max CVSS 5.0 Min CVSS 5.0 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2017-12972 5.0
In Nimbus JOSE+JWT before 4.39, there is no integer-overflow check when converting length values from bytes to bits, which allows attackers to conduct HMAC bypass attacks by shifting Additional Authenticated Data (AAD) and ciphertext so that differen
16-11-2019 - 02:15 20-08-2017 - 16:29
Back to Top Mark selected
Back to Top