CVE-2021-30246

CRITICAL9.1EPSS 0.20%

RSA signature validation vulnerability on maleable encoded message in jsrsasign

Published: 4/16/2021Modified: 11/8/2023

Description

### Impact Vulnerable jsrsasign will accept RSA signature with improper PKCS#1.5 padding. Decoded RSA signature value consists following form: `01(ff...(8 or more ffs)...ff)00[ASN.1 OF DigestInfo]` Its byte length must be the same as RSA key length, however such checking was not sufficient. To make crafted message for practical attack is very hard. ### Patches Users validating RSA signature should upgrade to 10.2.0 or later. ### Workarounds There is no workaround. Not to use RSA signature validation in jsrsasign. ### ACKNOWLEDGEMENT Thanks to Daniel Yahyazadeh @yahyazadeh for reporting and analyzing this vulnerability.

Affected packages (1)

npm/jsrsasignfrom 0, < 10.2.0

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	CRITICAL9.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

References (5)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2021-30246
WEBhttps://github.com/kjur/jsrsasign/issues/478
WEBhttps://github.com/kjur/jsrsasign/releases/tag/10.1.13
WEBhttps://github.com/kjur/jsrsasign/security/advisories/GHSA-27fj-mc8w-j9wg
WEBhttps://kjur.github.io/jsrsasign