CVE-2017-12972 in JOSE+JWT

Summary

by MITRE

In Nimbus JOSE+JWT before 4.39, there is no integer-overflow check when converting length values from bytes to bits, which allows attackers to conduct HMAC bypass attacks by shifting Additional Authenticated Data (AAD) and ciphertext so that different plaintext is obtained for the same HMAC.

Analysis

by VulDB Data Team • 01/11/2026

The vulnerability identified as CVE-2017-12972 affects the Nimbus JOSE+JWT library version 4.38 and earlier, representing a critical security flaw that undermines the integrity of cryptographic operations within the library. This issue specifically targets the conversion process between byte and bit length representations during HMAC validation, creating a pathway for attackers to manipulate authenticated data without detection. The vulnerability stems from the absence of proper integer overflow checking mechanisms within the library's cryptographic processing pipeline, particularly when handling Additional Authenticated Data (AAD) and ciphertext components.

The technical flaw manifests as a missing validation check during the transformation of length values from bytes to bits within the HMAC computation process. When the library processes authenticated data, it fails to verify that the converted bit length values remain within safe integer bounds, allowing attackers to craft malicious inputs that exploit this overflow condition. This oversight enables a sophisticated bypass attack where adversaries can manipulate the positioning of AAD and ciphertext elements in such a way that different plaintext is recovered while maintaining the same HMAC signature. The vulnerability operates at the intersection of cryptographic implementation weakness and input validation failure, creating a scenario where the authentication mechanism becomes effectively useless.

The operational impact of this vulnerability extends beyond simple data integrity concerns, as it fundamentally compromises the security assurances provided by the HMAC mechanism. Attackers can leverage this flaw to perform content substitution attacks where they replace legitimate data with malicious content while preserving the cryptographic signature that should validate authenticity. This capability allows for unauthorized data modification within systems relying on the affected library, potentially leading to data corruption, unauthorized access, or privilege escalation depending on the application context. The vulnerability affects any system utilizing Nimbus JOSE+JWT versions prior to 4.39 where HMAC-based authentication is employed, making it particularly dangerous in environments where cryptographic integrity is paramount.

Security practitioners should immediately upgrade to Nimbus JOSE+JWT version 4.39 or later to remediate this vulnerability, as the fix implements proper integer overflow checks during length conversion operations. Organizations using the affected library should conduct comprehensive security assessments to identify any systems or applications that may be vulnerable, particularly those handling sensitive data through JWT tokens with HMAC signatures. The vulnerability aligns with CWE-191, which describes integer underflow or overflow conditions, and can be categorized under ATT&CK technique T1070.004 for bypassing security controls through cryptographic manipulation. Additionally, this flaw demonstrates characteristics consistent with improper input validation patterns that could be exploited in broader attack scenarios targeting authentication systems, emphasizing the critical need for robust cryptographic library maintenance and security monitoring practices.
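
The unchecked byte-to-bit conversion described above, next to an overflow-checked one, as an added Java example that is not Nimbus JOSE+JWT's own code. The class and method names are hypothetical, the sample lengths are constructed, and the 64-bit big-endian length field assumes the AES_CBC_HMAC_SHA2 layout from RFC 7518, which this page does not spell out.

```java
import java.nio.ByteBuffer;

public class BitLengthCheck {

    // Unchecked conversion: 32-bit int multiplication wraps silently,
    // so very different byte lengths can yield the same bit length.
    static int uncheckedBitLength(int byteLength) {
        return byteLength * 8;
    }

    // Checked conversion: refuses any length whose bit count does not fit in an int.
    static int checkedBitLength(int byteLength) {
        if (byteLength < 0) {
            throw new IllegalArgumentException("negative length");
        }
        return Math.multiplyExact(byteLength, 8); // ArithmeticException on overflow
    }

    // Assumed layout (RFC 7518): the AAD bit length is fed to the HMAC
    // as a 64-bit big-endian integer.
    static String lengthFieldHex(long bitLength) {
        StringBuilder sb = new StringBuilder();
        for (byte b : ByteBuffer.allocate(8).putLong(bitLength).array()) {
            sb.append(String.format("%02x", b & 0xff));
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        // Constructed byte lengths: one ordinary, three at or past the int boundary.
        int[] samples = {16, 1 << 28, 1 << 29, (1 << 29) + 16};
        for (int n : samples) {
            int wrapped = uncheckedBitLength(n);
            String checked;
            try {
                checked = lengthFieldHex(checkedBitLength(n));
            } catch (ArithmeticException e) {
                checked = "rejected: bit length overflows int";
            }
            System.out.printf("bytes=%d  unchecked field=%s  checked=%s%n",
                    n, lengthFieldHex(wrapped), checked);
        }
    }
}
```

The unchecked column produces the same length field for 16 bytes and for 2^29 + 16 bytes, which is why the length no longer binds the MAC input to a single AAD/ciphertext boundary; the checked variant rejects every sample past the int boundary.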

Reservation

08/20/2017

Disclosure

08/20/2017

Moderation

accepted

CPE

ready

EPSS

0.00149

KEV

no

Activities

very low
