CVE-2024-21484
CVSS V2 None
CVSS V3 None
Description
Versions of the package jsrsasign before 11.0.0 are vulnerable to Observable Discrepancy via the RSA PKCS1.5 or RSAOAEP decryption process. An attacker can decrypt ciphertexts by exploiting the Marvin security flaw. Exploiting this vulnerability requires the attacker to have access to a large number of ciphertexts encrypted with the same key.
Workaround
The vulnerability can be mitigated by finding and replacing RSA and RSAOAEP decryption with another crypto library.
Overview
- CVE ID
- CVE-2024-21484
- Assigner
- snyk
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-01-22T05:00:02.087Z
- Last Modified Date
- 2024-03-06T14:09:29.400Z
Weakness Enumerations
References
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-21484 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21484 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2024-06-26 15:24:45 | Added to TrackCVE |