CVE-2024-21484

CVSS 3.1 Score 5.9 of 10 (medium)

Details

Published Jan 22, 2024

Updated: Mar 6, 2024

CWE ID 203

Summary

CVE-2024-21484 is a cybersecurity vulnerability affecting versions of the jsrsasign package prior to 11.0.0. This issue allows an attacker to decrypt RSA-encrypted data through the exploitation of the Marvin security flaw during the PKCS1.5 or RSAOAEP decryption process. The attacker must have access to a significant number of ciphertexts encrypted with the same key to execute this vulnerability. A workaround involves replacing RSA and RSAOAEP decryption functions with alternative crypto libraries to mitigate the risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Jsrsasign Project Jsrsasign

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/uPDKRc
https://www.cve.org/CVERecord?id=CVE-2024-21484
https://nvd.nist.gov/vuln/detail/CVE-2024-21484

Back to Vulnerability Database

CVE-2024-21484

CVSS 3.1 Score 5.9 of 10 (medium)

Details

Summary

Affected Products

Advisories, Assessments, and Mitigations