7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.017 Low
EPSS
Percentile
87.7%
Jsrsasign supports RSA PKCS#1 v1.5 (i.e. RSAES-PKCS1-v1_5) and RSA-OAEP encryption and decryption. Its encrypted message is represented as BigInteger. When there is a valid encrypted message, a crafted message with prepending zeros can be decrypted by this vulnerability.
Users using RSA PKCS1-v1_5 or RSA-OAEP decryption should upgrade to 8.0.18.
Reject RSA PKCS1-v1_5 or RSA-OAEP encrypted message with unnecessary prepending zeros.
https://nvd.nist.gov/vuln/detail/CVE-2020-14967
https://vulners.com/cve/CVE-2020-14967
https://vuldb.com/?id.157124
https://kjur.github.io/jsrsasign/api/symbols/KJUR.crypto.Cipher.html#.decrypt
https://github.com/kjur/jsrsasign/issues/439
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14967
github.com/advisories/GHSA-xxxq-chmp-67g4
github.com/kjur/jsrsasign/issues/439
github.com/kjur/jsrsasign/releases/tag/8.0.17
github.com/kjur/jsrsasign/releases/tag/8.0.18
github.com/kjur/jsrsasign/security/advisories/GHSA-xxxq-chmp-67g4
kjur.github.io/jsrsasign/
kjur.github.io/jsrsasign/api/symbols/KJUR.crypto.Cipher.html#.decrypt
nvd.nist.gov/vuln/detail/CVE-2020-14967
security.netapp.com/advisory/ntap-20200724-0001/
vuldb.com/?id.157124
www.npmjs.com/package/jsrsasign
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.017 Low
EPSS
Percentile
87.7%