Jsrsasign supports RSA PKCS#1 v1.5 (i.e. RSAES-PKCS1-v1_5) encryption and decryption. It represents an encrypted message as a BigInteger. Because of this vulnerability, given a valid encrypted message, a crafted message formed by prepending zeros to it can also be decrypted.
Users of RSA PKCS#1 v1.5 decryption should upgrade to 8.0.18.
Reject RSA PKCS#1 v1.5 encrypted messages that carry unnecessary prepended zeros.
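
One way to apply this workaround before handing a ciphertext to the decryption routine, as an added example that is not jsrsasign's own code: require the hex ciphertext to be exactly as many octets as the modulus, so zeros beyond that length are refused. The function names and the toy hex values are assumptions constructed for illustration.

```javascript
// Added example: strict length check for an RSAES-PKCS1-v1_5 ciphertext.
// Names and sample values are constructed; this is not library code.

// Byte length k of the modulus, given as a hex string.
function modulusByteLength(nHex) {
  const bits = BigInt("0x" + nHex).toString(2).length;
  return Math.ceil(bits / 8);
}

// Returns "ok" or a rejection reason. A ciphertext must be exactly k octets:
// zeros needed to reach k are legitimate, anything longer is not.
function checkCiphertext(ctHex, nHex) {
  if (!/^([0-9a-fA-F]{2})+$/.test(ctHex)) return "reject: not whole hex octets";
  const k = modulusByteLength(nHex);
  if (ctHex.length / 2 !== k) return "reject: length is not k octets";
  if (BigInt("0x" + ctHex) >= BigInt("0x" + nHex)) return "reject: out of range";
  return "ok";
}

// Why the integer form alone cannot tell the two inputs apart:
// leading zeros vanish once the hex string becomes a big integer.
function sameInteger(aHex, bHex) {
  return BigInt("0x" + aHex) === BigInt("0x" + bHex);
}

// Constructed sample: a toy 4-byte "modulus" and ciphertext, not real key material.
const N_HEX = "c5a3f1d7";
const CT_HEX = "1b2c3d4e";
const CRAFTED_HEX = "0000" + CT_HEX; // same value with extra zero octets in front

console.log("same integer:", sameInteger(CT_HEX, CRAFTED_HEX));
console.log("original:", checkCiphertext(CT_HEX, N_HEX));
console.log("crafted: ", checkCiphertext(CRAFTED_HEX, N_HEX));
console.log("padded to k:", checkCiphertext("001b2c3d", N_HEX));
```

The check runs on the encoded string, before any conversion to an integer, because the distinction is already lost after conversion.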