Description
Versions of the jsrsasign package before 11.1.1 are vulnerable to Incorrect Conversion between Numeric Types due to the handling of negative exponents in ext/jsbn2.js. An attacker can force the computation of incorrect modular inverses and break signature verification by calling modPow with a negative exponent.
A flaw was found in jsrsasign. A remote attacker can exploit an incorrect conversion between numeric types by providing a negative exponent to the modPow function. This vulnerability can force the computation of incorrect modular inverses, which ultimately allows an attacker to bypass signature verification.
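As an added illustration, not code from jsrsasign, jsbn2.js or the Red Hat advisory, the following JavaScript shows the check a verifier wants in front of its big-number code: a modPow that refuses a negative exponent instead of quietly turning it into a modular inverse, and a toy RSA verify that validates untrusted public-key parameters (as would arrive from a parsed JWK or certificate) before they ever reach modPow. The key values, the toyDigest stand-in for a real hash, and every function name here are constructed for this example.

```javascript
// Added example (not jsrsasign's code): a guarded modular exponentiation
// plus a toy RSA verifier that rejects bad key material up front.
// All key values below are constructed, textbook-sized, and not secure.

function modPow(base, exp, mod) {
  if (typeof base !== "bigint" || typeof exp !== "bigint" || typeof mod !== "bigint") {
    throw new TypeError("modPow expects BigInt arguments");
  }
  if (mod <= 0n) throw new RangeError("modulus must be positive");
  // A negative exponent mathematically means a modular inverse. A signature
  // verifier has no business computing one, so refuse rather than convert.
  if (exp < 0n) throw new RangeError("negative exponent rejected");
  let result = 1n % mod;                 // handles mod === 1n correctly
  let b = ((base % mod) + mod) % mod;    // normalise a negative base into [0, mod)
  for (let e = exp; e > 0n; e >>= 1n) {  // right-to-left square-and-multiply
    if (e & 1n) result = (result * b) % mod;
    b = (b * b) % mod;
  }
  return result;
}

// Constructed toy key: p = 61, q = 53, n = 3233, phi = 3120, e = 17, d = 2753.
const TOY_KEY = { n: 3233n, e: 17n, d: 2753n };

// Constructed stand-in for a message digest: maps a string into [0, n).
// Not a cryptographic hash; it only gives sign/verify something to work on.
function toyDigest(msg, n) {
  let h = 0n;
  for (const ch of msg) h = (h * 31n + BigInt(ch.codePointAt(0))) % n;
  return h;
}

function sign(msg, key) {
  return modPow(toyDigest(msg, key.n), key.d, key.n);
}

// Validate key material from an untrusted source (parsed JWK, certificate,
// PEM) before any arithmetic. A zero or negative exponent is rejected here,
// so modPow's own guard is a second line of defence, not the only one.
function checkPublicKey(key) {
  if (typeof key.n !== "bigint" || typeof key.e !== "bigint") return false;
  if (key.n <= 1n) return false;
  if (key.e <= 0n || key.e >= key.n) return false;
  return true;
}

function verify(msg, sig, key) {
  if (!checkPublicKey(key)) return false;
  if (typeof sig !== "bigint" || sig < 0n || sig >= key.n) return false;
  return modPow(sig, key.e, key.n) === toyDigest(msg, key.n);
}
```

The point of the split is that the verifier returns false for a key with e = -17n without ever calling modPow; if some other code path does hand modPow a negative exponent, it throws instead of returning a value that downstream code might accept as a valid verification result.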
Statement
This is an IMPORTANT flaw. The jsrsasign library, as used in Red Hat products such as Migration Toolkit for Virtualization and Red Hat Quay, is vulnerable to a signature verification bypass. A remote attacker could provide a specially crafted negative exponent to the modPow function, leading to incorrect modular inverse computations and allowing them to bypass signature verification.
Mitigation
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
Affected Packages
| Platform | Package | State | Advisory | Release date |
|---|---|---|---|---|
| Migration Toolkit for Virtualization | migration-toolkit-virtualization/mtv-console-plugin-rhel9 | Affected | | |
| Migration Toolkit for Virtualization | mtv-candidate/mtv-console-plugin-rhel9 | Will not fix | | |
| Red Hat Quay 3 | quay/quay-rhel9 | Affected | | |
| Red Hat Quay 3.1 | quay/quay-rhel8 | Fixed | RHSA-2026:6912 | 2026-04-07 |
| Red Hat Quay 3.12 | quay/quay-rhel8 | Fixed | RHSA-2026:6720 | 2026-04-06 |
| Red Hat Quay 3.15 | quay/quay-rhel8 | Fixed | RHSA-2026:6568 | 2026-04-03 |
| Red Hat Quay 3.9 | quay/quay-rhel8 | Fixed | RHSA-2026:6926 | 2026-04-07 |
Additional information
CVSS3 base score: 7.5 (High)
Related vulnerabilities
jsrsasign: Negative Exponent Handling Leads to Signature Verification Bypass (CVSS3 7.5 High; same description as above)