cve/CVE-2024-21484.md at a8969e132322a214e7b78da5711159d6f891f0ab

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-06-19 17:30:12 +00:00

0xMarcio 6100550298 Update CVE sources 2024-06-22 09:37

2024-06-22 09:37:59 +00:00

Description

Versions of the package jsrsasign before 11.0.0 are vulnerable to Observable Discrepancy via the RSA PKCS1.5 or RSAOAEP decryption process. An attacker can decrypt ciphertexts by exploiting the Marvin security flaw. Exploiting this vulnerability requires the attacker to have access to a large number of ciphertexts encrypted with the same key.

Workaround

The vulnerability can be mitigated by finding and replacing RSA and RSAOAEP decryption with another crypto library.

POC

Reference

https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-6070734
https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBKJUR-6070733
https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-6070732
https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-6070731

Github

https://github.com/diotoborg/laudantium-itaque-esse
https://github.com/f1stnpm2/nobis-minima-odio
https://github.com/firanorg/et-non-error
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/kjur/jsrsasign
https://github.com/zibuthe7j11/repellat-sapiente-quas

1.8 KiB Raw Blame History

CVE-2024-21484

Description

POC

Reference

Github

1.8 KiB

Raw Blame History