#VU24175 Integer overflow in Nimbus JOSE+JWT


Published: 2020-01-10

Vulnerability identifier: #VU24175

Vulnerability risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-12972

CWE-ID: CWE-190

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Nimbus JOSE+JWT
Universal components / Libraries / Libraries used by multiple products

Vendor: Connect2id Ltd.

Description

The vulnerability allows a remote attacker to bypass certain security restrictions.

The vulnerability exists due to an integer overflow when converting length values from bytes to bits in Nimbus JOSE+JWT. A remote attacker can trigger the integer overflow by shifting Additional Authenticated Data (AAD) and ciphertext so that different plaintext is obtained for the same HMAC, and thereby bypass HMAC authentication.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
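The byte-to-bit conversion described above, shown as an added example (not Nimbus JOSE+JWT source code) with an unchecked conversion beside a checked one. The class and method names are hypothetical, the lengths are constructed values, and the 64-bit big-endian length field is assumed to be the AAD bit length that the AES-CBC-HMAC construction of RFC 7518 includes in the HMAC input.

```java
import java.nio.ByteBuffer;
import java.util.Arrays;

// Hypothetical demo class; none of these names come from the library.
public class BitLengthOverflowDemo {

    // Unchecked conversion: Java int arithmetic wraps silently on overflow.
    static int uncheckedBitLength(int byteLength) {
        return byteLength * 8;
    }

    // Checked conversion: throws ArithmeticException instead of wrapping.
    static int checkedBitLength(int byteLength) {
        return Math.multiplyExact(byteLength, 8);
    }

    // 64-bit big-endian length field that is appended to the HMAC input.
    static byte[] lengthField(int bitLength) {
        return ByteBuffer.allocate(8).putLong(bitLength).array();
    }

    public static void main(String[] args) {
        // Constructed lengths in bytes; no buffers of this size are allocated.
        int shortAad = 16;
        int longAad = shortAad + (1 << 29); // 2^29 extra bytes: 2^29 * 8 = 2^32

        // With the unchecked conversion both lengths yield the same field,
        // so the field no longer pins down where the AAD ends.
        byte[] a = lengthField(uncheckedBitLength(shortAad));
        byte[] b = lengthField(uncheckedBitLength(longAad));
        System.out.println("unchecked length fields equal: " + Arrays.equals(a, b));

        // The checked conversion refuses the oversized length outright.
        try {
            checkedBitLength(longAad);
            System.out.println("checked conversion accepted the length");
        } catch (ArithmeticException e) {
            System.out.println("checked conversion rejected the length: " + e.getMessage());
        }
    }
}
```

Rejecting the input, as the checked method does, is one option; computing the bit length in a `long` is another way to keep the length field unambiguous.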

Mitigation
Install updates from the vendor's website.

Vulnerable software versions

Nimbus JOSE+JWT: 4.0 - 4.39


External links
http://bitbucket.org/connect2id/nimbus-jose-jwt/commits/0d2bd649ea386539220d4facfe1f65eb1dadb86c
http://bitbucket.org/connect2id/nimbus-jose-jwt/issues/224/byte-to-bit-overflow-in-cbc
http://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/CHANGELOG.txt
http://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

