Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI3ZmotbWM4dy1qOXdn

Critical EPSS: 0.0017% (0.39143 Percentile) EPSS:
Permalink JSON

RSA signature validation vulnerability on maleable encoded message in jsrsasign

Affected Packages Affected Versions Fixed Versions
npm:jsrsasign < 10.2.0 10.2.0
731 Dependent packages
8,042 Dependent repositories
2,200,997 Downloads last month

Affected Version Ranges

All affected versions

0.0.1, 0.0.2, 0.0.3, 4.8.2, 4.8.3, 4.8.4, 4.8.5, 4.8.6, 4.9.0, 4.9.1, 4.9.2, 5.0.0, 5.0.1, 5.0.2, 5.0.5, 5.0.6, 5.0.7, 5.0.8, 5.0.9, 5.0.10, 5.0.11, 5.0.12, 5.0.13, 5.0.14, 5.0.15, 5.1.0, 6.0.0, 6.0.1, 6.1.0, 6.1.1, 6.1.2, 6.1.3, 6.1.4, 6.2.0, 6.2.1, 6.2.2, 6.2.3, 7.0.0, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.5, 7.2.0, 7.2.1, 7.2.2, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 8.0.7, 8.0.8, 8.0.9, 8.0.10, 8.0.11, 8.0.12, 8.0.13, 8.0.14, 8.0.15, 8.0.16, 8.0.17, 8.0.18, 8.0.19, 8.0.20, 8.0.21, 8.0.22, 8.0.23, 8.0.24, 9.0.0, 9.0.1, 9.0.2, 9.0.3, 9.1.0, 9.1.1, 9.1.2, 9.1.3, 9.1.4, 9.1.5, 9.1.6, 9.1.7, 9.1.8, 9.1.9, 10.0.0, 10.0.1, 10.0.2, 10.0.3, 10.0.4, 10.0.5, 10.1.0, 10.1.1, 10.1.2, 10.1.3, 10.1.4, 10.1.5, 10.1.6, 10.1.7, 10.1.8, 10.1.9, 10.1.10, 10.1.11, 10.1.12, 10.1.13

All unaffected versions

10.2.0, 10.3.0, 10.3.2, 10.4.0, 10.4.1, 10.5.0, 10.5.1, 10.5.2, 10.5.3, 10.5.4, 10.5.5, 10.5.6, 10.5.7, 10.5.8, 10.5.9, 10.5.10, 10.5.11, 10.5.12, 10.5.13, 10.5.14, 10.5.15, 10.5.16, 10.5.17, 10.5.18, 10.5.19, 10.5.20, 10.5.21, 10.5.22, 10.5.23, 10.5.24, 10.5.25, 10.5.26, 10.5.27, 10.6.0, 10.6.1, 10.7.0, 10.8.0, 10.8.1, 10.8.2, 10.8.3, 10.8.4, 10.8.5, 10.8.6, 10.9.0, 11.0.0, 11.1.0

Impact

Vulnerable jsrsasign will accept RSA signature with improper PKCS#1.5 padding.
Decoded RSA signature value consists following form:
01(ff...(8 or more ffs)...ff)00[ASN.1 OF DigestInfo]
Its byte length must be the same as RSA key length, however such checking was not sufficient.

To make crafted message for practical attack is very hard.

Patches

Users validating RSA signature should upgrade to 10.2.0 or later.

Workarounds

There is no workaround. Not to use RSA signature validation in jsrsasign.

ACKNOWLEDGEMENT

Thanks to Daniel Yahyazadeh @yahyazadeh for reporting and analyzing this vulnerability.

References:

Identifiers

GHSA-27fj-mc8w-j9wg

CVE-2021-30246

Risk

Severity

Critical

EPSS

EPSS Percentage: 0.0017

EPSS Percentile: 0.39143

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/kjur/jsrsasign

Date and time

Published

over 4 years ago

Updated

almost 2 years ago

API

JSON