CVE-2024-21484
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
Versions of the package jsrsasign before 11.0.0 are vulnerable to Observable Discrepancy via the RSA PKCS1.5 or RSAOAEP decryption process. An attacker can decrypt ciphertexts by exploiting the Marvin security flaw. Exploiting this vulnerability requires the attacker to have access to a large number of ciphertexts encrypted with the same key. Workaround The vulnerability can be mitigated by finding and replacing RSA and RSAOAEP decryption with another crypto library.
Las versiones del paquete jsrsasign anteriores a 11.0.0 son vulnerables a la discrepancia observable a través del proceso de descifrado RSA PKCS1.5 o RSAOAEP. Un atacante puede descifrar textos cifrados aprovechando esta vulnerabilidad. Explotar esta vulnerabilidad requiere que el atacante tenga acceso a una gran cantidad de textos cifrados con la misma clave. Workaround esta vulnerabilidad se puede mitigar buscando y reemplazando el descifrado RSA y RSAOAEP con otra librería criptográfica.
CVSS Scores
SSVC
- Decision:Track*
Timeline
- 2023-12-22 CVE Reserved
- 2024-01-22 CVE Published
- 2024-02-28 EPSS Updated
- 2024-10-21 CVE Updated
- 2024-10-21 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-203: Observable Discrepancy
CAPEC
References (7)
URL | Tag | Source |
---|---|---|
https://people.redhat.com/~hkario/marvin |
URL | Date | SRC |
---|---|---|
https://github.com/kjur/jsrsasign/issues/598 | 2024-10-21 |
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Jsrsasign Project Search vendor "Jsrsasign Project" | Jsrsasign Search vendor "Jsrsasign Project" for product "Jsrsasign" | < 11.0.0 Search vendor "Jsrsasign Project" for product "Jsrsasign" and version " < 11.0.0" | node.js |
Affected
|