RSA PKCS#1 decryption vulnerability with prepending zeros in jsrsasign

2020-06-26T16:27:08
ID GHSA-XXXQ-CHMP-67G4
Type github
Reporter GitHub Advisory Database
Modified 2020-06-26T16:27:08

Description

Impact

Jsrsasign supports RSA PKCS#1 v1.5 (i.e. RSAES-PKCS1-v1_5) encryption and decryption, and represents an encrypted message as a BigInteger. Because of this vulnerability, given a valid encrypted message, a crafted message made by prepending zeros to it is also decrypted.

  • If you don't use RSA PKCS#1 decryption, you are not affected by this vulnerability.
  • The risk of forging the contents of an encrypted message is very low.
  • The risk of memory corruption is low because jsrsasign uses the BigInteger class.

Patches

Users using RSA PKCS#1 v1.5 decryption should upgrade to 8.0.18.

Workarounds

Reject RSA PKCS#1 v1.5 encrypted messages that carry unnecessary prepended zeros.
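
One way to apply this workaround in calling code, shown as an added example that is not part of the advisory or of jsrsasign: check the hex ciphertext against the modulus length before decrypting. It applies the RFC 8017 rule that the ciphertext is exactly k octets, which is stricter than only rejecting extra zeros; the function names and the toy modulus and ciphertext are constructed for illustration.

```javascript
// Added example, not jsrsasign code. All names here are hypothetical.

// Constructed toy values for the demo: a 64-bit odd number standing in for the
// modulus n, and a hex string standing in for a valid ciphertext. Not a real key.
const TOY_N = "d94d889e88853dd9";
const SAMPLE_C = "1f2e3d4c5b6a7988";

// k = length of the modulus in octets. Leading zero nibbles (for example the
// ASN.1 sign octet "00") do not count toward the length.
function modulusByteLength(modulusHex) {
  const significant = modulusHex.replace(/^0+/, "");
  return Math.ceil(significant.length / 2);
}

// Returns { ok, reason }. Call this before handing the ciphertext to the
// decryption routine and refuse to decrypt when ok is false.
function checkCiphertext(ciphertextHex, modulusHex) {
  if (typeof ciphertextHex !== "string" || !/^[0-9a-fA-F]+$/.test(ciphertextHex)) {
    return { ok: false, reason: "not a hex string" };
  }
  const k = modulusByteLength(modulusHex);
  // RFC 8017 section 7.2.2, step 1: the ciphertext must be exactly k octets.
  // Any extra prepended "00" octets make it longer and are rejected here.
  if (ciphertextHex.length !== 2 * k) {
    return { ok: false, reason: "length is not k octets" };
  }
  // RSADP range check: the integer value must be below the modulus.
  if (BigInt("0x" + ciphertextHex) >= BigInt("0x" + modulusHex)) {
    return { ok: false, reason: "representative out of range" };
  }
  return { ok: true, reason: "" };
}

// Demo on the constructed values: the same ciphertext with 0, 1 and 2 zero
// octets prepended. Only the unmodified one is accepted.
for (const prefix of ["", "00", "0000"]) {
  const r = checkCiphertext(prefix + SAMPLE_C, TOY_N);
  console.log(`${prefix || "(none)"} -> ${r.ok ? "accept" : "reject: " + r.reason}`);
}
```

A sender that strips leading zero octets from its ciphertext will also be rejected by the exact-length rule, so confirm that peers left-pad to k octets before enabling it.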