CVE-2020-14967: RSA PKCS#1 decryption vulnerability with prepending zeros in jsrsasign
9.8
CVSS Score
3.1
Basic Information
CVE ID
GHSA ID
EPSS Score
0.6704%
CWE
Published
6/26/2020
Updated
1/31/2023
KEV Status
No
Technology
JavaScript
Technical Details
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
jsrsasign | npm | < 8.0.18 | 8.0.18 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability stems from improper validation
of ciphertext format in RSA decryption functions
. The patch notes for 8.0.18 specifically mention fixes to RSADecrypt
and RSADecryptOAEP
in ext/rsa2.js
. The NVD description confirms these functions
accepted modified ciphertexts with prepended zeros. The GitHub issue #439 and security advisory both reference improper ciphertext validation
in PKCS#1
v1.5 and OAEP
decryption paths, which are handled by these functions
. The functions'
role in direct cryptographic processing and explicit mention in patch documentation gives high confidence.