Lucene search

GoogleOSV:GHSA-XXXQ-CHMP-67G4

HistoryJun 26, 2020 - 4:27 p.m.

RSA PKCS#1 decryption vulnerability with prepending zeros in jsrsasign

2020-06-2616:27:08

Google

osv.dev

9.6 High

AI Score

Confidence

High

0.017 Low

EPSS

Percentile

87.7%

JSON

Impact

Jsrsasign supports RSA PKCS#1 v1.5 (i.e. RSAES-PKCS1-v1_5) and RSA-OAEP encryption and decryption. Its encrypted message is represented as BigInteger. When there is a valid encrypted message, a crafted message with prepending zeros can be decrypted by this vulnerability.

If you don’t use RSA PKCS1-v1_5 or RSA-OAEP decryption, this vulnerability is not affected.
Risk to forge contents of encrypted message is very low.
Risk to raise memory corruption is low since jsrsasign uses BigInteger class.

Patches

Users using RSA PKCS1-v1_5 or RSA-OAEP decryption should upgrade to 8.0.18.

Workarounds

Reject RSA PKCS1-v1_5 or RSA-OAEP encrypted message with unnecessary prepending zeros.

References

https://nvd.nist.gov/vuln/detail/CVE-2020-14967
https://vulners.com/cve/CVE-2020-14967
https://vuldb.com/?id.157124
https://kjur.github.io/jsrsasign/api/symbols/KJUR.crypto.Cipher.html#.decrypt
https://github.com/kjur/jsrsasign/issues/439

CPENameOperatorVersion
jsrsasignlt8.0.18

CPE	Name	Operator	Version
	jsrsasign	lt	8.0.18

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14967

github.com/kjur/jsrsasign

github.com/kjur/jsrsasign/issues/439

github.com/kjur/jsrsasign/releases/tag/8.0.17

github.com/kjur/jsrsasign/releases/tag/8.0.18

github.com/kjur/jsrsasign/security/advisories/GHSA-xxxq-chmp-67g4

kjur.github.io/jsrsasign

kjur.github.io/jsrsasign/api/symbols/KJUR.crypto.Cipher.html#.decrypt

nvd.nist.gov/vuln/detail/CVE-2020-14967

security.netapp.com/advisory/ntap-20200724-0001

vuldb.com/?id.157124

www.npmjs.com/package/jsrsasign