GHSA-27FJ-MC8W-J9WG

Vulnerability from github – Published: 2021-04-16 19:52 – Updated: 2023-09-11 18:42
VLAI?
Summary
RSA signature validation vulnerability on maleable encoded message in jsrsasign
Details

Impact

Vulnerable jsrsasign will accept RSA signature with improper PKCS#1.5 padding. Decoded RSA signature value consists following form: 01(ff...(8 or more ffs)...ff)00[ASN.1 OF DigestInfo] Its byte length must be the same as RSA key length, however such checking was not sufficient.

To make crafted message for practical attack is very hard.

Patches

Users validating RSA signature should upgrade to 10.2.0 or later.

Workarounds

There is no workaround. Not to use RSA signature validation in jsrsasign.

ACKNOWLEDGEMENT

Thanks to Daniel Yahyazadeh @yahyazadeh for reporting and analyzing this vulnerability.

Severity ?
9.1 (Critical)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Show details on source website
To clipboard 

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "jsrsasign"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "10.2.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-30246"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-04-13T17:30:34Z",
    "nvd_published_at": "2021-04-07T21:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "### Impact\nVulnerable jsrsasign will accept RSA signature with improper PKCS#1.5 padding.\nDecoded RSA signature value consists following form:\n`01(ff...(8 or more ffs)...ff)00[ASN.1 OF DigestInfo]`\nIts byte length must be the same as RSA key length, however such checking was not sufficient.\n\nTo make crafted message for practical attack is very hard.\n\n### Patches\nUsers validating RSA signature should upgrade to 10.2.0 or later.\n\n### Workarounds\nThere is no workaround. Not to use RSA signature validation in jsrsasign.\n\n### ACKNOWLEDGEMENT\nThanks to Daniel Yahyazadeh @yahyazadeh for reporting and analyzing this vulnerability.",
  "id": "GHSA-27fj-mc8w-j9wg",
  "modified": "2023-09-11T18:42:06Z",
  "published": "2021-04-16T19:52:35Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/kjur/jsrsasign/security/advisories/GHSA-27fj-mc8w-j9wg"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-30246"
    },
    {
      "type": "WEB",
      "url": "https://github.com/kjur/jsrsasign/issues/478"
    },
    {
      "type": "WEB",
      "url": "https://github.com/kjur/jsrsasign/releases/tag/10.1.13"
    },
    {
      "type": "WEB",
      "url": "https://kjur.github.io/jsrsasign"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "RSA signature validation vulnerability on maleable encoded message in jsrsasign"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.