RSA PKCS#1 decryption vulnerability with prepending zeros in jsrsasign
- Severity:
- High
Description
Jsrsasign supports RSA PKCS#1 v1.5 (i.e. RSAES-PKCS1-v1_5) and RSA-OAEP encryption and decryption. Its encrypted message is represented as BigInteger. When there is a valid encrypted message, a crafted message with prepending zeros can be decrypted by this vulnerability.
Recommendation
Update the jsrsasign package to the latest compatible version. Followings are version details:
- Affected version(s): < 8.0.18
- Patched version(s): 8.0.18
References
- GHSA-xxxq-chmp-67g4
- cve.mitre.org
- kjur.github.io
- vuldb.com
- www.npmjs.com
- security.netapp.com
- CVE-2020-14967
- CWE-119
- CAPEC-310
- OWASP 2021-A6
Related Issues
- RSA-PSS signature validation vulnerability by prepending zeros in jsrsasign - CVE-2020-14968
- Marvin Attack of RSA and RSAOAEP decryption in jsrsasign - CVE-2024-21484
- RSA signature validation vulnerability on maleable encoded message in jsrsasign - CVE-2021-30246
- ECDSA signature validation vulnerability by accepting wrong ASN.1 encoding in jsrsasign - CVE-2020-14966
- Tags:
- npm
- jsrsasign
Anything's wrong? Let us know Last updated on January 31, 2023