7 matches found
CVE-2021-30246
In the jsrsasign package through 10.1.13 for Node.js, some invalid RSA PKCS1 v1.5 signatures are mistakenly recognized to be valid. NOTE: there is no known practical attack...
@ampproject/toolbox-update-cache (>=2.7.1 <=2.8.0-canary.15), @apolitical/apis-client (>=1.0.0 <=1.1.5) +32 more potentially affected by CVE-2021-30246 via jsrsasign (>=0.0.3 <=10.1.8)
jsrsasign NPM version =0.0.3, =2.7.1, =1.0.0, =1.0.0, =0.1.24, =0.2.0, =0.0.11, =1.0.1, =0.8.1, =0.1.0, =0.0.1, =0.0.4 - bitcore-litecoin =0.8.5 - bitcore-mnemonic-litecoin =1.1.1 and more Source cves: CVE-2021-30246 Source advisory: OSV:GHSA-H87Q-G2WP-47PJ...
RSA signature validation vulnerability
Overview Impact Vulnerable versions of jsrsasign will accept RSA signature with improper PKCS1.5 padding. Decoded RSA signature value consists following form: 01ff...8 or more ffs...ff00ASN.1 OF DigestInfo Its byte length shall be the same as RSA key length however such checking was not sufficien...
@ampproject/toolbox-update-cache (>=2.7.1 <=2.8.0-canary.15), @apolitical/apis-client (>=1.0.0 <=1.1.5) +32 more potentially affected by CVE-2021-30246 via jsrsasign (>=0.0.3 <=10.1.8)
jsrsasign NPM version =0.0.3, =2.7.1, =1.0.0, =1.0.0, =0.1.24, =0.2.0, =0.0.11, =1.0.1, =0.8.1, =0.1.0, =0.0.1, =0.0.4 - bitcore-litecoin =0.8.5 - bitcore-mnemonic-litecoin =1.1.1 and more Source cves: CVE-2021-30246 Source advisory: OSV:GHSA-27FJ-MC8W-J9WG...
CVE-2021-30246
In the jsrsasign package through 10.1.13 for Node.js, some invalid RSA PKCS1 v1.5 signatures are mistakenly recognized to be valid. NOTE: there is no known practical attack...
CVE-2021-30246
In the jsrsasign package through 10.1.13 for Node.js, some invalid RSA PKCS1 v1.5 signatures are mistakenly recognized to be valid. NOTE: there is no known practical attack...
CVE-2021-30246
CVE-2021-30246 affects the jsrsasign package (Node.js) up to version 10.1.13, where some invalid RSA PKCS#1 v1.5 signatures are mistakenly recognized as valid. The issue is described as a vulnerability in signature validation with no widely known practical attack, and patches upgrade guidance exi...