PT-2020-14094 · Jsrsasign · Jsrsasign

Published: 2020-06-22 · Updated: 2023-01-28 · CVE-2020-14967

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: jsrsasign versions prior to 8.0.18

Description: The RSA PKCS#1 v1.5 decryption implementation in the jsrsasign package does not detect ciphertext modification when '0' bytes are prepended to a ciphertext: the modified ciphertext is decrypted without error. An attacker could potentially exploit this by prepending such bytes to trigger memory corruption issues.

Recommendations: For versions prior to 8.0.18, update to version 8.0.18 or later to resolve the issue.
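The missing check, illustrated with example code written for this entry (not jsrsasign's implementation) on a constructed toy RSA key: a PKCS#1 v1.5 decryptor must reject any ciphertext whose length differs from the modulus length, because prepended 0x00 bytes leave the ciphertext's integer value unchanged and a decryptor without that check accepts the modified input silently.

```python
import os

# Constructed toy RSA key for demonstration only (two Mersenne primes);
# far too small for real use. This is not jsrsasign code.
P = 2**61 - 1
Q = 2**89 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (Python 3.8+)

def byte_len(n: int) -> int:
    """k, the byte length of the modulus (RFC 8017 notation)."""
    return (n.bit_length() + 7) // 8

def pkcs1_v15_encrypt(message: bytes, n: int, e: int) -> bytes:
    """RSAES-PKCS1-v1_5 encryption: EM = 00 || 02 || PS || 00 || M."""
    k = byte_len(n)
    if len(message) > k - 11:
        raise ValueError("message too long")
    ps = bytes(b or 1 for b in os.urandom(k - len(message) - 3))  # nonzero padding
    em = b"\x00\x02" + ps + b"\x00" + message
    return pow(int.from_bytes(em, "big"), e, n).to_bytes(k, "big")

def pkcs1_v15_decrypt(ciphertext: bytes, n: int, d: int, strict_length: bool = True) -> bytes:
    """RSAES-PKCS1-v1_5 decryption. strict_length=False mimics the flaw the advisory
    describes: leading 0x00 bytes do not change the ciphertext's integer value, so a
    decryptor that skips the length check accepts a modified ciphertext."""
    k = byte_len(n)
    if strict_length and len(ciphertext) != k:  # RFC 8017 section 7.2.2, step 1
        raise ValueError("ciphertext length must equal modulus length")
    em = pow(int.from_bytes(ciphertext, "big"), d, n).to_bytes(k, "big")
    if em[:2] != b"\x00\x02":
        raise ValueError("decryption error")
    sep = em.find(b"\x00", 2)
    if sep < 10:  # covers find() == -1 and a padding string shorter than 8 bytes
        raise ValueError("decryption error")
    return em[sep + 1:]

def rejects(ciphertext: bytes, n: int, d: int, strict_length: bool = True) -> bool:
    """True if the decryptor refuses the ciphertext."""
    try:
        pkcs1_v15_decrypt(ciphertext, n, d, strict_length)
    except ValueError:
        return True
    return False

if __name__ == "__main__":
    ct = pkcs1_v15_encrypt(b"hello", N, E)
    print(rejects(b"\x00" + ct, N, D, strict_length=False))  # False: lenient decryptor accepts it
    print(rejects(b"\x00" + ct, N, D))                       # True: length check rejects it
```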

Weakness Enumeration

Buffer Overflow

Related Identifiers

CVE-2020-14967
GHSA-XXXQ-CHMP-67G4

Affected Products

Jsrsasign