9.8

CVSS Score

3.1

Basic Information

CVE ID

CVE-2020-14967

GHSA ID

GHSA-xxxq-chmp-67g4

EPSS Score

0.6704%

CWE

CWE-119

Published

6/26/2020

Updated

1/31/2023

KEV Status

Technology

JavaScript

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2020-14967

CVE-2020-14967: RSA PKCS#1 decryption vulnerability with prepending zeros in jsrsasign

Impact

Jsrsasign supports RSA PKCS#1 v1.5 (i.e. RSAES-PKCS1-v1_5) and RSA-OAEP encryption and decryption. Its encrypted message is represented as BigInteger. When there is a valid encrypted message, a crafted message with prepending zeros can be decrypted by this vulnerability.

If you don't use RSA PKCS1-v1_5 or RSA-OAEP decryption, this vulnerability is not affected.
Risk to forge contents of encrypted message is very low.
Risk to raise memory corruption is low since jsrsasign uses BigInteger class.

Patches

Users using RSA PKCS1-v1_5 or RSA-OAEP decryption should upgrade to 8.0.18.

Workarounds

Reject RSA PKCS1-v1_5 or RSA-OAEP encrypted message with unnecessary prepending zeros.

References

https://nvd.nist.gov/vuln/detail/CVE-2020-14967 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14967 https://vuldb.com/?id.157124 https://kjur.github.io/jsrsasign/api/symbols/KJUR.crypto.Cipher.html#.decrypt https://github.com/kjur/jsrsasign/issues/439

(GitHub Advisory)

9.8

CVSS Score

3.1

Basic Information

CVE ID

CVE-2020-14967

GHSA ID

GHSA-xxxq-chmp-67g4

EPSS Score

0.6704%

CWE

CWE-119

Published

6/26/2020

Updated

1/31/2023

KEV Status

Technology

JavaScript

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
jsrsasign	npm	< 8.0.18	8.0.18

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from improper validation of ciphertext format in RSA decryption functions. The patch notes for 8.0.18 specifically mention fixes to RSADecrypt and RSADecryptOAEP in ext/rsa2.js. The NVD description confirms these functions accepted modified ciphertexts with prepended zeros. The GitHub issue #439 and security advisory both reference improper ciphertext validation in PKCS#1 v1.5 and OAEP decryption paths, which are handled by these functions. The functions' role in direct cryptographic processing and explicit mention in patch documentation gives high confidence.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

### Imp**t Jsrs*si*n supports RS* PK*S#* v*.* (i.*. RS**S-PK*S*-v*_*) *n* RS*-O**P *n*ryption *n* ***ryption. Its *n*rypt** m*ss*** is r*pr*s*nt** *s *i*Int***r. W**n t**r* is * v*li* *n*rypt** m*ss***, * *r**t** m*ss*** wit* pr*p*n*in* z*ros **n **

Reasoning

T** vuln*r**ility st*ms *rom improp*r `v*li**tion` o* *ip**rt*xt *orm*t in RS* ***ryption `*un*tions`. T** p*t** not*s *or *.*.** sp**i*i**lly m*ntion *ix*s to `RS****rypt` *n* `RS****ryptO**P` in `*xt/rs**.js`. T** NV* **s*ription *on*irms t**s* `*u

9.8

Basic Information

Concerned about an active attack path?

CVE-2020-14967: RSA PKCS#1 decryption vulnerability with prepending zeros in jsrsasign

Impact

Patches

Workarounds

References

9.8

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI