Is Nimbus-JOSE-JWT vulnerable to CVE-2022-21449?
Issue #472
resolved
Hi,
Just wondering if there is a concrete unit test, or other verification, that can show that the issue described below doesn't impact this project?
https://neilmadden.blog/2022/04/19/psychic-signatures-in-java/
Thanks!
Josh Mahonin
Comments (10)
-
-
Do you already have concrete information if Nimbus-Jose-JWT is affected (or better not)?
Thank you!
-
- changed status to resolved
Apps are safe, but do make sure you update to the latest 9.21.1, it gets an extra line of defense against CVE exploits:
-
Link to the test:
-
- edited description
Removed reporter’s email address
-
sorry for the stupid question, but the current Version without an update is also already safe but the new version adds additional security?
-
That’s alright. All Nimbus versions are safe in respect to this CVE, and ES*** signatures have been supported since 2013 or so.
-
- edited description
2nd attempt to remove email
-
- changed status to open
Last night it was reported that the DER transcoder will not prevent mod N attacks from reaching the Java ECDSA provider. This means that apps using this lib with Java 15+ runtimes were in fact vulnerable. A patch will be published soon. Stay tuned!
-
- changed status to resolved
Fix: 651580526d8e815420e06abe31c0b4976c4afec9
Released in: 9.22
Updated assessment: https://connect2id.com/blog/cve-2022-21449
- Log in to comment
Hi Josh,
Neil’s test vector with blank
P1363formatted signature gets rejected in the ECDSA.transcodeSignatureToDER method with a JOSEException. We hope to have concrete tests and perhaps a better exception soon.