Jsrsasign Project

Jsrsasign

13 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.3

CVE-2026-4603

Exploit
  • EPSS 0.01%
  • Veröffentlicht 23.03.2026 05:00:14
  • Zuletzt bearbeitet 29.04.2026 01:00:01

Versions of the package jsrsasign before 11.1.1 are vulnerable to Division by zero due to the RSASetPublic/KEYUTIL parsing path in ext/rsa.js and the BigInteger.modPowInt reduction logic in ext/jsbn.js. An attacker can force RSA public-key operations...

9.1

CVE-2026-4601

Exploit
  • EPSS 0.02%
  • Veröffentlicht 23.03.2026 05:00:13
  • Zuletzt bearbeitet 29.04.2026 01:00:01

Versions of the package jsrsasign before 11.1.1 are vulnerable to Missing Cryptographic Step via the KJUR.crypto.DSA.signWithMessageHash process in the DSA signing implementation. An attacker can recover the private key by forcing r or s to be zero, ...

9.3

CVE-2026-4599

Exploit
  • EPSS 0.06%
  • Veröffentlicht 23.03.2026 05:00:12
  • Zuletzt bearbeitet 23.03.2026 16:17:45

Versions of the package jsrsasign from 7.0.0 and before 11.1.1 are vulnerable to Incomplete Comparison with Missing Factors via the getRandomBigIntegerZeroToMax and getRandomBigIntegerMinToMax functions in src/crypto-1.1.js; an attacker can recover t...

7.7

CVE-2026-4598

Exploit
  • EPSS 0.08%
  • Veröffentlicht 23.03.2026 05:00:11
  • Zuletzt bearbeitet 23.03.2026 16:18:04

Versions of the package jsrsasign before 11.1.1 are vulnerable to Infinite loop via the bnModInverse function in ext/jsbn2.js when the BigInteger.modInverse implementation receives zero or negative inputs, allowing an attacker to hang the process per...

7.7

CVE-2026-4602

Exploit
  • EPSS 0.08%
  • Veröffentlicht 23.03.2026 05:00:10
  • Zuletzt bearbeitet 23.03.2026 16:08:58

Versions of the package jsrsasign before 11.1.1 are vulnerable to Incorrect Conversion between Numeric Types due to handling negative exponents in ext/jsbn2.js. An attacker can force the computation of incorrect modular inverses and break signature v...

9.1

CVE-2026-4600

Exploit
  • EPSS 0.02%
  • Veröffentlicht 23.03.2026 05:00:08
  • Zuletzt bearbeitet 29.04.2026 01:00:01

Versions of the package jsrsasign before 11.1.1 are vulnerable to Improper Verification of Cryptographic Signature via the DSA domain-parameter validation in KJUR.crypto.DSA.setPublic (and the related DSA/X509 verification flow in src/dsa-2.0.js). An...

3.2

CVE-2025-45764

  • EPSS 0.01%
  • Veröffentlicht 06.08.2025 00:00:00
  • Zuletzt bearbeitet 15.04.2026 00:35:42

jsrsasign v11.1.0 was discovered to contain weak encryption. NOTE: this issue has been disputed by a third party who believes that CVE IDs can be assigned for key lengths in specific applications that use a library, and should not be assigned to the ...

5.9

CVE-2024-21484

Exploit
  • EPSS 0.24%
  • Veröffentlicht 22.01.2024 05:15:08
  • Zuletzt bearbeitet 21.11.2024 08:54:31

Versions of the package jsrsasign before 11.0.0 are vulnerable to Observable Discrepancy via the RSA PKCS1.5 or RSAOAEP decryption process. An attacker can decrypt ciphertexts by exploiting the Marvin security flaw. Exploiting this vulnerability requ...

9.8

CVE-2022-25898

Exploit
  • EPSS 1.78%
  • Veröffentlicht 01.07.2022 20:15:08
  • Zuletzt bearbeitet 21.11.2024 06:53:11

The package jsrsasign before 10.5.25 are vulnerable to Improper Verification of Cryptographic Signature when JWS or JWT signature with non Base64URL encoding special characters or number escaped characters may be validated as valid by mistake. Workar...

9.1

CVE-2021-30246

  • EPSS 0.2%
  • Veröffentlicht 07.04.2021 21:15:16
  • Zuletzt bearbeitet 21.11.2024 06:03:33

In the jsrsasign package through 10.1.13 for Node.js, some invalid RSA PKCS#1 v1.5 signatures are mistakenly recognized to be valid. NOTE: there is no known practical attack.