Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1ybTh2LW14ajMtNXJtcc4AAz3K
github.com/lestrrat-go/jwx vulnerable to Potential Padding Oracle Attack
Summary
Decrypting an AES-CBC encrypted JWE has a potential padding oracle vulnerability.
Details
In v2.0.10, decrypting an AES-CBC encrypted JWE whose padding was malformed returned the error "failed to generate plaintext from decrypted blocks: invalid padding".
Returning a padding-specific error lets a caller, and anyone who can observe the caller's response, tell padding failures apart from every other decryption failure. That distinguishable response is exactly what a padding oracle attack needs.
RFC 7516 (JSON Web Encryption) Section 11.5 forbids this kind of distinguishable error. It is written for the encrypted-key step, and the same reasoning applies to the CBC padding of the content:
11.5. Timing Attacks
To mitigate the attacks described in RFC 3218 [RFC3218], the recipient MUST NOT distinguish between format, padding, and length errors of encrypted keys. It is strongly recommended, in the event of receiving an improperly formatted key, that the recipient substitute a randomly generated CEK and proceed to the next step, to mitigate timing attacks.
In addition, the time taken to strip the padding depended on the padding length, so the length of the padding could leak through a timing side channel even when the error itself did not.
Padding removal must therefore run in constant time: examine the whole final block regardless of the claimed padding length and fold every check into a single validity bit.
Impact
The authentication tag (the HMAC that the AES-CBC JWE algorithms attach to the ciphertext) is verified, so an attacker cannot get a tampered ciphertext as far as the padding check without also forging a valid tag; the padding oracle is therefore not directly exploitable. The fix removes the distinguishable error and the padding-dependent timing as defense in depth.
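The following Go program is an added illustration and is not code from lestrrat-go/jwx. It places an unpadding routine of the shape the advisory describes (a padding-specific error and an early exit) beside a constant-time version that scans the whole final block, folds the checks into one bit and maps every failure to one generic error. It then shows what the oracle buys an attacker who can reach the padding check with tampered ciphertexts: recovering a plaintext byte with at most 256 queries. The CBC layer here deliberately has no HMAC, which is the situation the JWE authentication tag prevents. Key, IV and plaintext are constructed for the example, and all function names are the example's own.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/subtle"
	"errors"
	"fmt"
)

var ErrInvalidPadding = errors.New("invalid padding") // padding-specific error: surfacing it is the oracle
var ErrDecrypt = errors.New("decryption failed")      // the single error a hardened decryptor returns

// unpadNaive has the shape the advisory describes: a distinct error and an early exit.
func unpadNaive(buf []byte) ([]byte, error) {
	n := len(buf)
	if n == 0 || n%aes.BlockSize != 0 {
		return nil, ErrInvalidPadding
	}
	pad := int(buf[n-1])
	if pad == 0 || pad > aes.BlockSize {
		return nil, ErrInvalidPadding
	}
	for _, b := range buf[n-pad:] {
		if int(b) != pad {
			return nil, ErrInvalidPadding // early exit: timing reveals where the mismatch is
		}
	}
	return buf[:n-pad], nil
}

// unpadConstantTime scans the whole final block, folds the checks into one bit and returns one
// generic error, so neither the error nor the time taken depends on the padding bytes.
func unpadConstantTime(buf []byte) ([]byte, error) {
	n := len(buf)
	if n == 0 || n%aes.BlockSize != 0 { // length is public; this branch leaks nothing secret
		return nil, ErrDecrypt
	}
	pad := int(buf[n-1])
	ok := subtle.ConstantTimeLessOrEq(1, pad) & subtle.ConstantTimeLessOrEq(pad, aes.BlockSize)
	for i := 1; i <= aes.BlockSize; i++ {
		inPad := subtle.ConstantTimeLessOrEq(i, pad)         // 1 if position i lies within the padding
		eq := subtle.ConstantTimeByteEq(buf[n-i], byte(pad)) // 1 if that byte equals pad
		ok &= 1 - (inPad & (1 - eq))                         // clear ok only for a mismatched padding byte
	}
	if ok != 1 {
		return nil, ErrDecrypt
	}
	return buf[:n-pad], nil
}

// decrypt CBC-decrypts ct and hands the blocks to the chosen unpadding strategy.
func decrypt(block cipher.Block, iv, ct []byte, unpad func([]byte) ([]byte, error)) ([]byte, error) {
	if len(ct) == 0 || len(ct)%aes.BlockSize != 0 {
		return nil, ErrDecrypt
	}
	pt := make([]byte, len(ct))
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(pt, ct)
	return unpad(pt)
}

// recoverLastByte is the attacker's side: given only a yes/no padding oracle and no authentication
// tag in the way, the last plaintext byte of the first block falls in at most 256 queries.
func recoverLastByte(oracle func(iv, ct []byte) bool, iv, ct []byte) (byte, bool) {
	for g := 0; g < 256; g++ {
		forged := append([]byte(nil), iv...)
		forged[aes.BlockSize-1] ^= byte(g) ^ 0x01 // that byte now decrypts to 0x01 iff the plaintext byte is g
		if !oracle(forged, ct[:aes.BlockSize]) {
			continue
		}
		forged[aes.BlockSize-2] ^= 0xff // disturb byte 14: genuine 0x01 padding still validates, 0x02 0x02 does not
		if oracle(forged, ct[:aes.BlockSize]) {
			return byte(g), true
		}
	}
	return 0, false
}

// demoSetup builds a constructed key, IV and two-block ciphertext (sample data for this example only).
func demoSetup() (cipher.Block, []byte, []byte) {
	block, _ := aes.NewCipher([]byte("constructed-key!")) // 16-byte constructed key
	iv := []byte("constructed-iv!!")                       // 16-byte constructed IV
	pt := append([]byte("0123456789abcdef"+"padding oracle!"), 0x01) // 31 bytes plus one PKCS#7 pad byte
	ct := make([]byte, len(pt))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(ct, pt)
	return block, iv, ct
}

func main() {
	block, iv, ct := demoSetup()
	tampered := append([]byte(nil), ct...)
	tampered[aes.BlockSize-1] ^= 0x01 // XORs 0x01 into the final plaintext byte, turning the 0x01 pad into 0x00
	_, errNaive := decrypt(block, iv, tampered, unpadNaive)
	_, errHard := decrypt(block, iv, tampered, unpadConstantTime)
	b, ok := recoverLastByte(func(iv, ct []byte) bool { _, err := decrypt(block, iv, ct, unpadNaive); return err == nil }, iv, ct)
	fmt.Printf("naive: %v | hardened: %v | recovered last byte of block 0: %q %v\n", errNaive, errHard, b, ok)
}
```

The attack targets the first block by forging the IV; any other block is handled the same way by truncating the ciphertext after it and forging the preceding ciphertext block instead. Note that the constant-time routine still reveals the padding length through the length of the returned plaintext, which is unavoidable and harmless once the error and timing channels are closed.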
Permalink: https://github.com/advisories/GHSA-rm8v-mxj3-5rmq
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1ybTh2LW14ajMtNXJtcc4AAz3K
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 11 months ago
Updated: 11 months ago
Identifiers: GHSA-rm8v-mxj3-5rmq
References:
- https://github.com/lestrrat-go/jwx/security/advisories/GHSA-rm8v-mxj3-5rmq
- https://github.com/lestrrat-go/jwx/commit/6c41e3822485fc7e11dd70b4b0524b075d66b103
- https://github.com/lestrrat-go/jwx/commit/d9ddbc8e5009cfdd8c28413390b67afa7f576dd6
- https://github.com/lestrrat-go/jwx/blob/796b2a9101cf7e7cb66455e4d97f3c158ee10904/jwe/internal/aescbc/aescbc.go#L33-L66
- https://github.com/lestrrat-go/jwx/blob/8840ffd4afc5839f591ff0e9ba9034af52b1643e/jwe/internal/aescbc/aescbc.go#L210-L213
- https://github.com/advisories/GHSA-rm8v-mxj3-5rmq
Blast Radius: 0.0
Affected Packages
go:github.com/lestrrat-go/jwx
Dependent packages: 1,295
Dependent repositories: 2,884
Downloads:
Affected Version Ranges: <= 1.2.25
Fixed in: 1.2.26
All affected versions: 0.9.0, 0.9.1, 0.9.2, 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 1.0.6, 1.0.7, 1.0.8, 1.1.0, 1.1.1, 1.1.2, 1.1.3, 1.1.4, 1.1.5, 1.1.6, 1.1.7, 1.2.0, 1.2.1, 1.2.2, 1.2.3, 1.2.4, 1.2.5, 1.2.6, 1.2.7, 1.2.8, 1.2.9, 1.2.10, 1.2.11, 1.2.12, 1.2.13, 1.2.14, 1.2.15, 1.2.16, 1.2.17, 1.2.18, 1.2.19, 1.2.20, 1.2.21, 1.2.22, 1.2.23, 1.2.24, 1.2.25
All unaffected versions: 1.2.26, 1.2.27, 1.2.28
go:github.com/lestrrat-go/jwx/v2
Dependent packages: 439
Dependent repositories: 301
Downloads:
Affected Version Ranges: <= 2.0.10
Fixed in: 2.0.11
All affected versions: 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10
All unaffected versions: 2.0.11, 2.0.12, 2.0.13, 2.0.14, 2.0.15, 2.0.16, 2.0.17, 2.0.18, 2.0.19