You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Jsrsasign supports RSA PKCS#1 v1.5 (i.e. RSAES-PKCS1-v1_5) and RSA-OAEP encryption and decryption. Its encrypted message is represented as BigInteger. When there is a valid encrypted message, a crafted message with prepending zeros can be decrypted by this vulnerability.
If you don't use RSA PKCS1-v1_5 or RSA-OAEP decryption, this vulnerability is not affected.
Risk to forge contents of encrypted message is very low.
Risk to raise memory corruption is low since jsrsasign uses BigInteger class.
Patches
Users using RSA PKCS1-v1_5 or RSA-OAEP decryption should upgrade to 8.0.18.
Workarounds
Reject RSA PKCS1-v1_5 or RSA-OAEP encrypted message with unnecessary prepending zeros.
Impact
Jsrsasign supports RSA PKCS#1 v1.5 (i.e. RSAES-PKCS1-v1_5) and RSA-OAEP encryption and decryption. Its encrypted message is represented as BigInteger. When there is a valid encrypted message, a crafted message with prepending zeros can be decrypted by this vulnerability.
Patches
Users using RSA PKCS1-v1_5 or RSA-OAEP decryption should upgrade to 8.0.18.
Workarounds
Reject RSA PKCS1-v1_5 or RSA-OAEP encrypted message with unnecessary prepending zeros.
ACKNOWLEDGEMENT
Thanks to Antonio de la Piedra for reporting this vulnerability.
References
https://nvd.nist.gov/vuln/detail/CVE-2020-14967
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14967
https://vuldb.com/?id.157124
https://kjur.github.io/jsrsasign/api/symbols/KJUR.crypto.Cipher.html#.decrypt
#439
https://tools.ietf.org/html/rfc8017