Lucene search
Veracode Vulnerability DatabaseVERACODE:25744HistoryJun 23, 2020 - 3:45 a.m.
Insecure RSA Signature Validation
2020-06-2303:45:44
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
9
0.017 Low
EPSS
Percentile
87.7%
jsrsasign does not properly validate RSA signatures. The decryption implementation does not detect ciphertext modification prepended by \0 bytes to ciphertexts, allowing an attacker to prepend NULL bytes with the goal of triggering memory corruption issues.
| CPE | Name | Operator | Version |
|---|---|---|---|
| jsrsasign | le | 8.0.17 | |
| jsrsasign | le | 8.0.17 | |
| kjur-jsrsasign | eq | 8.0.12 | |
| jsrsasign | le | 8.0.12 | |
| kjur-jsrsasign | le | 7.1.2 | |
| jsrsasign | le | 8.0.17 | |
| jsrsasign | le | 8.0.17 | |
| kjur-jsrsasign | eq | 8.0.12 | |
| jsrsasign | le | 8.0.12 | |
| kjur-jsrsasign | le | 7.1.2 |
Related
osv
osv
CVE-2020-14967
2020-06-22 12:15:10
RSA PKCS#1 decryption vulnerability with prepending zeros in jsrsasign
2020-06-26 16:27:08
cve
cve
CVE-2020-14967
2020-06-22 12:15:10
cvelist
cvelist
CVE-2020-14967
2020-06-22 11:19:35
nvd
nvd
CVE-2020-14967
2020-06-22 12:15:10
github
github
RSA PKCS#1 decryption vulnerability with prepending zeros in jsrsasign
2020-06-26 16:27:08
prion
prion
Memory corruption
2020-06-22 12:15:00