GHSA-27fj-mc8w-j9wg

Suggest an improvement
Source
https://github.com/advisories/GHSA-27fj-mc8w-j9wg
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/04/GHSA-27fj-mc8w-j9wg/GHSA-27fj-mc8w-j9wg.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-27fj-mc8w-j9wg
Aliases
Published
2021-04-16T19:52:35Z
Modified
2023-11-08T04:05:45.910717Z
Severity
  • 9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS Calculator
Summary
RSA signature validation vulnerability on maleable encoded message in jsrsasign
Details

Impact

Vulnerable jsrsasign will accept RSA signature with improper PKCS#1.5 padding. Decoded RSA signature value consists following form: 01(ff...(8 or more ffs)...ff)00[ASN.1 OF DigestInfo] Its byte length must be the same as RSA key length, however such checking was not sufficient.

To make crafted message for practical attack is very hard.

Patches

Users validating RSA signature should upgrade to 10.2.0 or later.

Workarounds

There is no workaround. Not to use RSA signature validation in jsrsasign.

ACKNOWLEDGEMENT

Thanks to Daniel Yahyazadeh @yahyazadeh for reporting and analyzing this vulnerability.

Database specific 
{
    "nvd_published_at": "2021-04-07T21:15:00Z",
    "cwe_ids": [
        "CWE-347"
    ],
    "severity": "CRITICAL",
    "github_reviewed": true,
    "github_reviewed_at": "2021-04-13T17:30:34Z"
}
References

Affected packages

npm / jsrsasign

Package

Name
jsrsasign
View open source insights on deps.dev
Purl
pkg:npm/jsrsasign

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
10.2.0