CVE-2021-30246

Name of the Vulnerable Software and Affected Versions jsrsasign versions through 10.1.13

Description The issue concerns the validation of RSA PKCS#1 v1.5 signatures. Specifically, some invalid signatures are mistakenly recognized as valid due to insufficient checking of the decoded RSA signature value. This value consists of a specific form: 01(ff...(8 or more ffs)...ff)00[ASN.1 OF DigestInfo], and its byte length must match the RSA key length. However, crafting a message for a practical attack is considered very hard. There is no known practical attack.

Recommendations For versions through 10.1.13, upgrade to 10.2.0 or later to resolve the issue. As a temporary workaround, consider avoiding the use of RSA signature validation in jsrsasign until a patch is applied.