jsrsasign does not properly validate RSA signatures. The decryption implementation does not detect ciphertext modification prepended by \0
bytes to ciphertexts, allowing an attacker to prepend NULL bytes with the goal of triggering memory corruption issues.
CPE | Name | Operator | Version |
---|---|---|---|
jsrsasign | le | 8.0.17 | |
jsrsasign | le | 8.0.17 | |
kjur-jsrsasign | eq | 8.0.12 | |
jsrsasign | le | 8.0.12 | |
kjur-jsrsasign | le | 7.1.2 | |
jsrsasign | le | 8.0.17 | |
jsrsasign | le | 8.0.17 | |
kjur-jsrsasign | eq | 8.0.12 | |
jsrsasign | le | 8.0.12 | |
kjur-jsrsasign | le | 7.1.2 |