ECDSA signature validation vulnerability by accepting wrong ASN.1 encoding in jsrsasign
- Severity:
- High
Description
Jsrsasign supports ECDSA signature validation which signature value is represented by ASN.1 DER encoding. This vulnerablity may accept a wrong ASN.1 DER encoded ECDSA signature such as:
- wrong multi-byte ASN.1 length of TLV (ex. 0x820045 even though 0x45 is correct)
- prepending zeros with ASN.1 INTEGER value (ex.
Recommendation
Update the jsrsasign package to the latest compatible version. Followings are version details:
- Affected version(s): >= 4.0.0, < 8.0.19
- Patched version(s): 8.0.19
References
- GHSA-p8c3-7rj8-q963
- cve.mitre.org
- kjur.github.io
- vuldb.com
- www.npmjs.com
- security.netapp.com
- CVE-2020-14966
- CWE-347
- CAPEC-310
- OWASP 2021-A2
- OWASP 2021-A6
Related Issues
- CouchAuth has a Server-Side Template Injection vulnerability in its email functionality - CVE-2024-57177
- Astro has an Authentication Bypass via Double URL Encoding, a bypass for CVE-2025-64765 - CVE-2025-66202
- Marvin Attack of RSA and RSAOAEP decryption in jsrsasign - CVE-2024-21484
- Unauthenticated Denial of Service in the octokit/webhooks library (GHSA-pwfr-8pq7-x9qv) - CVE-2023-50728
- Tags:
- npm
- jsrsasign
Anything's wrong? Let us know Last updated on January 31, 2023