Jsrsasign supports RSA PKCS#1 v1.5 (i.e. RSAES-PKCS1-v1_5) and RSA-OAEP encryption and decryption. Its encrypted message is represented as BigInteger. When there is a valid encrypted message, a crafted message with prepending zeros can be decrypted by this vulnerability.
Users using RSA PKCS1-v1_5 or RSA-OAEP decryption should upgrade to 8.0.18.
Reject RSA PKCS1-v1_5 or RSA-OAEP encrypted message with unnecessary prepending zeros.
https://nvd.nist.gov/vuln/detail/CVE-2020-14967
https://vulners.com/cve/CVE-2020-14967
https://vuldb.com/?id.157124
https://kjur.github.io/jsrsasign/api/symbols/KJUR.crypto.Cipher.html#.decrypt
https://github.com/kjur/jsrsasign/issues/439
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14967
github.com/kjur/jsrsasign
github.com/kjur/jsrsasign/issues/439
github.com/kjur/jsrsasign/releases/tag/8.0.17
github.com/kjur/jsrsasign/releases/tag/8.0.18
github.com/kjur/jsrsasign/security/advisories/GHSA-xxxq-chmp-67g4
kjur.github.io/jsrsasign
kjur.github.io/jsrsasign/api/symbols/KJUR.crypto.Cipher.html#.decrypt
nvd.nist.gov/vuln/detail/CVE-2020-14967
security.netapp.com/advisory/ntap-20200724-0001
vuldb.com/?id.157124
www.npmjs.com/package/jsrsasign