Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU4ZjUtaGZxYy1qZ2No
Padding Oracle Attack due to Observable Timing Discrepancy in jose
jose is an npm library providing a number of cryptographic operations.
Impact
AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) decryption would always execute both HMAC tag verification and CBC decryption, if either failed JWEDecryptionFailed would be thrown. But a possibly observable difference in timing when padding error would occur while decrypting the ciphertext makes a padding oracle and an adversary might be able to make use of that oracle to decrypt data without knowing the decryption key by issuing on average 128*b calls to the padding oracle (where b is the number of bytes in the ciphertext block).
Patches
All major release versions have had a patch released which ensures the HMAC tag is verified before performing CBC decryption. The fixed versions are ^1.28.1 || ^2.0.5 || >=3.11.4.
Users should upgrade their v1.x dependency to ^1.28.1, their v2.x dependency to ^2.0.5, and their v3.x dependency to ^3.11.4
Credits
Thanks to Morgan Brown of Microsoft for bringing this up and Eva Sarafianou (@esarafianou) for helping to score this advisory.
Permalink: https://github.com/advisories/GHSA-58f5-hfqc-jgchJSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU4ZjUtaGZxYy1qZ2No
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 3 years ago
Updated: about 1 year ago
CVSS Score: 5.9
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Identifiers: GHSA-58f5-hfqc-jgch, CVE-2021-29443
References:
- https://github.com/panva/jose/security/advisories/GHSA-58f5-hfqc-jgch
- https://www.npmjs.com/package/jose
- https://nvd.nist.gov/vuln/detail/CVE-2021-29443
- https://github.com/advisories/GHSA-58f5-hfqc-jgch
Blast Radius: 28.0
Affected Packages
npm:jose
Dependent packages: 1,109Dependent repositories: 54,898
Downloads: 37,692,973 last month
Affected Version Ranges: >= 3.0.0, < 3.11.4, >= 2.0.0, < 2.0.5, >= 1.0.0, < 1.28.1
Fixed in: 3.11.4, 2.0.5, 1.28.1
All affected versions: 1.9.2, 1.10.0, 1.10.1, 1.10.2, 1.11.0, 1.12.0, 1.12.1, 1.13.0, 1.14.0, 1.15.0, 1.15.1, 1.16.0, 1.16.1, 1.16.2, 1.17.0, 1.17.1, 1.17.2, 1.18.0, 1.18.1, 1.18.2, 1.19.0, 1.20.0, 1.21.0, 1.21.1, 1.22.0, 1.22.1, 1.22.2, 1.23.0, 1.24.0, 1.24.1, 1.25.0, 1.25.1, 1.25.2, 1.26.0, 1.26.1, 1.27.0, 1.27.1, 1.27.2, 1.27.3, 1.28.0, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 3.0.0, 3.0.1, 3.0.2, 3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.2.0, 3.3.0, 3.3.1, 3.3.2, 3.4.0, 3.5.0, 3.5.1, 3.5.2, 3.5.3, 3.5.4, 3.6.0, 3.6.1, 3.6.2, 3.7.0, 3.7.1, 3.8.0, 3.9.0, 3.10.0, 3.11.0, 3.11.1, 3.11.2, 3.11.3
All unaffected versions: 0.1.0, 0.2.0, 0.3.1, 0.3.2, 1.28.1, 1.28.2, 2.0.5, 2.0.6, 2.0.7, 3.11.4, 3.11.5, 3.11.6, 3.12.0, 3.12.1, 3.12.2, 3.12.3, 3.13.0, 3.14.0, 3.14.1, 3.14.2, 3.14.3, 3.14.4, 3.15.0, 3.15.1, 3.15.2, 3.15.3, 3.15.4, 3.15.5, 3.16.0, 3.16.1, 3.17.0, 3.18.0, 3.19.0, 3.20.0, 3.20.1, 3.20.2, 3.20.3, 3.20.4, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.1.0, 4.1.1, 4.1.2, 4.1.3, 4.1.4, 4.1.5, 4.2.0, 4.2.1, 4.3.0, 4.3.2, 4.3.3, 4.3.4, 4.3.5, 4.3.6, 4.3.7, 4.3.8, 4.3.9, 4.4.0, 4.5.0, 4.5.1, 4.5.2, 4.5.3, 4.6.0, 4.6.1, 4.6.2, 4.7.0, 4.8.0, 4.8.1, 4.8.3, 4.9.0, 4.9.1, 4.9.2, 4.9.3, 4.10.0, 4.10.1, 4.10.2, 4.10.3, 4.10.4, 4.11.0, 4.11.1, 4.11.2, 4.11.3, 4.11.4, 4.12.0, 4.12.1, 4.12.2, 4.13.0, 4.13.1, 4.13.2, 4.14.0, 4.14.1, 4.14.2, 4.14.3, 4.14.4, 4.14.5, 4.14.6, 4.15.0, 4.15.1, 4.15.2, 4.15.3, 4.15.4, 4.15.5, 5.0.0, 5.0.1, 5.0.2, 5.1.0, 5.1.1, 5.1.2, 5.1.3, 5.2.0, 5.2.1, 5.2.2, 5.2.3, 5.2.4