CVE-2020-14967: Buffer Overflow
First published: Mon Jun 22 2020(Updated: )
An issue was discovered in the jsrsasign package before 8.0.18 for Node.js. Its RSA PKCS1 v1.5 decryption implementation does not detect ciphertext modification by prepending '\0' bytes to ciphertexts (it decrypts modified ciphertexts without error). An attacker might prepend these bytes with the goal of triggering memory corruption issues.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Jsrsasign Project Jsrsasign | <8.0.18 | |
| Netapp Max Data |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-14967?
CVE-2020-14967 is a vulnerability in the jsrsasign package before version 8.0.18 for Node.js. It allows attackers to decrypt modified ciphertexts without error.
What is the severity of CVE-2020-14967?
CVE-2020-14967 has a severity rating of 9.8 (critical).
How does CVE-2020-14967 affect the jsrsasign package?
CVE-2020-14967 affects the jsrsasign package before version 8.0.18 for Node.js.
How can I fix CVE-2020-14967?
To fix CVE-2020-14967, update the jsrsasign package to version 8.0.18 or later.
What is CWE-119?
CWE-119 is a common weakness and exposure that refers to a flaw in the software's cryptographic security mechanism.
- collector/nvd-index
- agent/severity
- agent/author
- agent/event
- agent/weakness
- agent/references
- agent/type
- agent/description
- agent/first-publish-date
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/jsrsasign project
- canonical/jsrsasign project jsrsasign
- vendor/netapp
- canonical/netapp max data