Homepage

jsrsasign@4.9.1 vulnerabilities

opensource free pure JavaScript cryptographic library supports RSA/RSAPSS/ECDSA/DSA signing/validation, ASN.1, PKCS#1/5/8 private/public key, X.509 certificate, CRL, OCSP, CMS SignedData, TimeStamp and CAdES and JSON Web Signature(JWS)/Token(JWT)/Key(JWK)

  • latest version

    11.1.1

  • latest non vulnerable version

    11.1.1

  • first published

    12 years ago

  • latest version published

    1 months ago

  • licenses detected

  • View jsrsasign package health on Snyk Advisor  (opens in a new tab)
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the jsrsasign package. This does not include vulnerabilities belonging to this package’s dependencies.

    Fix vulnerabilities automatically

    Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

    Fix for free
    VulnerabilityVulnerable Version
    • M
    Division by zero

    jsrsasign is a free pure JavaScript cryptographic library.

    Affected versions of this package are vulnerable to Division by zero due to the RSASetPublic/KEYUTIL parsing path in ext/rsa.js and the BigInteger.modPowInt reduction logic in ext/jsbn.js. An attacker can force RSA public-key operations (e.g., verify and encryption) to collapse to deterministic zero outputs and hide “invalid key” errors by supplying a JWK whose modulus decodes to zero.

    How to fix Division by zero?

    Upgrade jsrsasign to version 11.1.1 or higher.

    <11.1.1
    • H
    Incorrect Conversion between Numeric Types

    jsrsasign is a free pure JavaScript cryptographic library.

    Affected versions of this package are vulnerable to Incorrect Conversion between Numeric Types due to handling negative exponents in ext/jsbn2.js. An attacker can force the computation of incorrect modular inverses and break signature verification by calling modPow with a negative exponent.

    How to fix Incorrect Conversion between Numeric Types?

    Upgrade jsrsasign to version 11.1.1 or higher.

    <11.1.1
    • C
    Missing Cryptographic Step

    jsrsasign is a free pure JavaScript cryptographic library.

    Affected versions of this package are vulnerable to Missing Cryptographic Step via the KJUR.crypto.DSA.signWithMessageHash process in the DSA signing implementation. An attacker can recover the private key by forcing r or s to be zero, so the library emits an invalid signature without retrying, and then solves for x from the resulting signature.

    How to fix Missing Cryptographic Step?

    Upgrade jsrsasign to version 11.1.1 or higher.

    <11.1.1
    • C
    Improper Verification of Cryptographic Signature

    jsrsasign is a free pure JavaScript cryptographic library.

    Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature via the DSA domain-parameter validation in KJUR.crypto.DSA.setPublic (and the related DSA/X509 verification flow in src/dsa-2.0.js). An attacker can forge DSA signatures or X.509 certificates that X509.verifySignature() accepts by supplying malicious domain parameters such as g=1, y=1, and a fixed r=1, which make the verification equation true for any hash.

    How to fix Improper Verification of Cryptographic Signature?

    Upgrade jsrsasign to version 11.1.1 or higher.

    <11.1.1
    • H
    Infinite loop

    jsrsasign is a free pure JavaScript cryptographic library.

    Affected versions of this package are vulnerable to Infinite loop via the bnModInverse function in ext/jsbn2.js when the BigInteger.modInverse implementation receives zero or negative inputs, allowing an attacker to hang the process permanently by supplying such crafted values (e.g., modInverse(0, m) or modInverse(-1, m)).

    How to fix Infinite loop?

    Upgrade jsrsasign to version 11.1.1 or higher.

    <11.1.1
    • H
    Observable Discrepancy

    jsrsasign is a free pure JavaScript cryptographic library.

    Affected versions of this package are vulnerable to Observable Discrepancy via the RSA PKCS#1.5 or RSAOAEP decryption process. An attacker can decrypt ciphertexts by exploiting the Marvin security flaw. Exploiting this vulnerability requires the attacker to have access to a large number of ciphertexts encrypted with the same key.

    How to fix Observable Discrepancy?

    Upgrade jsrsasign to version 11.0.0 or higher.

    <11.0.0
    • H
    Improper Verification of Cryptographic Signature

    jsrsasign is a free pure JavaScript cryptographic library.

    Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature when JWS or JWT signature with non Base64URL encoding special characters or number escaped characters may be validated as valid by mistake.

    How to fix Improper Verification of Cryptographic Signature?

    Upgrade jsrsasign to version 10.5.25 or higher.

    <10.5.25
    • M
    Cryptographic Weakness

    jsrsasign is a free pure JavaScript cryptographic library.

    Affected versions of this package are vulnerable to Cryptographic Weakness. Invalid RSA PKCS#1 v1.5 signatures are mistakenly recognized to be valid.

    How to fix Cryptographic Weakness?

    Upgrade jsrsasign to version 10.1.13 or higher.

    <10.1.13
    • M
    Memory Corruption

    jsrsasign is a free pure JavaScript cryptographic library.

    Affected versions of this package are vulnerable to Memory Corruption. Its RSA PKCS1 v1.5 decryption implementation does not detect ciphertext modification by prepending '\0' bytes to ciphertexts (it decrypts modified ciphertexts without error). An attacker might prepend these bytes with the goal of triggering memory corruption issues.

    How to fix Memory Corruption?

    Upgrade jsrsasign to version 8.0.18 or higher.

    <8.0.18
    • M
    Remote Code Execution (RCE)

    jsrsasign is a free pure JavaScript cryptographic library.

    Affected versions of this package are vulnerable to Remote Code Execution (RCE). Its RSASSA-PSS (RSA-PSS) implementation does not detect signature manipulation/modification by prepending '\0' bytes to a signature (it accepts these modified signatures as valid). An attacker can abuse this behavior in an application by creating multiple valid signatures where only one signature should exist. Also, an attacker might prepend these bytes with the goal of triggering memory corruption issues.

    How to fix Remote Code Execution (RCE)?

    Upgrade jsrsasign to version 8.0.18 or higher.

    <8.0.18
    • L
    Signature Bypass

    jsrsasign is a free pure JavaScript cryptographic library.

    Affected versions of this package are vulnerable to Signature Bypass. It allows a malleability in ECDSA signatures by not checking overflows in the length of a sequence and '0' characters appended or prepended to an integer. The modified signatures are verified as valid. This could have a security-relevant impact if an application relied on a single canonical signature.

    How to fix Signature Bypass?

    Upgrade jsrsasign to version 8.0.18 or higher.

    <8.0.18
    • M
    Timing Attack

    jsrsasign is a free pure JavaScript cryptographic library.

    Affected versions of this package are vulnerable to Timing Attack. Practical recovery of the long-term private key generated by the library is possible under certain conditions. Leakage of a bit-length of the scalar during scalar multiplication is possible on an elliptic curve which might allow practical recovery of the long-term private key.

    How to fix Timing Attack?

    Upgrade jsrsasign to version 8.0.13 or higher.

    <8.0.13
    Go back to all versions of this package