CVE-2021-29445: Padding Oracle Attack due to Observable Timing Discrepancy in jose-node-esm-runtime
CVSS Score: 5.9 (CVSS v3.1)
Basic Information
CVE ID: CVE-2021-29445
GHSA ID:
EPSS Score: 0.59538%
CWE:
Published: 4/19/2021
Updated: 3/17/2023
KEV Status: No
Technology: JavaScript
Technical Details
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| jose-node-esm-runtime | npm | < 3.11.4 | 3.11.4 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability stems from an incorrect execution order in AES_CBC_HMAC_SHA2 decryption. The advisory explicitly states that HMAC verification and CBC decryption were both always executed, and the timing discrepancy between padding errors (from the CBC step) and HMAC failures is what creates the oracle. The standard JWE decryption flow for these algorithms would be implemented in a single function handling both operations, likely named something like hybridDecrypt in the AES-CBC-HMAC context. The high confidence comes from: 1) the vulnerability description matches that function's responsibility; 2) the patch specifically changes the order of the two operations; 3) this aligns with how JOSE libraries typically implement the JWE specification.