GHSA-xxxq-chmp-67g4

Source

https://github.com/advisories/GHSA-xxxq-chmp-67g4

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/06/GHSA-xxxq-chmp-67g4/GHSA-xxxq-chmp-67g4.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-xxxq-chmp-67g4

Aliases

CVE-2020-14967

Published

2020-06-26T16:27:08Z

Modified

2023-11-08T04:02:28.135196Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

RSA PKCS#1 decryption vulnerability with prepending zeros in jsrsasign

Details

Impact

Jsrsasign supports RSA PKCS#1 v1.5 (i.e. RSAES-PKCS1-v1_5) and RSA-OAEP encryption and decryption. Its encrypted message is represented as BigInteger. When there is a valid encrypted message, a crafted message with prepending zeros can be decrypted by this vulnerability.

If you don't use RSA PKCS1-v1_5 or RSA-OAEP decryption, this vulnerability is not affected.
Risk to forge contents of encrypted message is very low.
Risk to raise memory corruption is low since jsrsasign uses BigInteger class.

Patches

Users using RSA PKCS1-v1_5 or RSA-OAEP decryption should upgrade to 8.0.18.

Workarounds

Reject RSA PKCS1-v1_5 or RSA-OAEP encrypted message with unnecessary prepending zeros.

References

https://nvd.nist.gov/vuln/detail/CVE-2020-14967 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14967 https://vuldb.com/?id.157124 https://kjur.github.io/jsrsasign/api/symbols/KJUR.crypto.Cipher.html#.decrypt https://github.com/kjur/jsrsasign/issues/439

Database specific

{
    "nvd_published_at": "2020-06-22T12:15:00Z",
    "cwe_ids": [
        "CWE-119"
    ],
    "severity": "CRITICAL",
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-26T16:26:32Z"
}

References

Affected packages

npm / jsrsasign

Package

Name: jsrsasign; View open source insights on deps.dev
Purl: pkg:npm/jsrsasign

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8.0.18