QSearchQSearch

CVE-2020-14968

9.8 CRITICAL

An issue was discovered in the jsrsasign package before 8.0.17 for Node.js

Published: 2020-06-22 · Last updated: 2026-06-22

Severity and scoring

CVSS
9.8 CRITICAL
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE
CWE-119

Affected products

VendorProduct
kjurjsrsasign, max_data
netappjsrsasign, max_data

Description

An issue was discovered in the jsrsasign package before 8.0.17 for Node.js. Its RSASSA-PSS (RSA-PSS) implementation does not detect signature manipulation/modification by prepending '\0' bytes to a signature (it accepts these modified signatures as valid). An attacker can abuse this behavior in an application by creating multiple valid signatures where only one signature should exist. Also, an attacker might prepend these bytes with the goal of triggering memory corruption issues.

Source: NVD

References

Related CVEs

Same vendor

  • CVE-2025-22134 When switching to other buffers using the :all command and visual mode still being active, this may cause a heap-buffer overflow, because... (4.2 MEDIUM)
  • CVE-2024-21262 Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/ODBC) (6.5 MEDIUM)
  • CVE-2024-43374 The UNIX editor Vim prior to version 9.1.0678 has a use-after-free error in argument list handling (4.5 MEDIUM)
  • CVE-2023-21968 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries) (3.7 LOW)
  • CVE-2023-28531 ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints (9.8 CRITICAL)

Same CWE

  • CVE-2026-12330 Incorrect boundary conditions in the Internationalization component (5.4 MEDIUM)
  • CVE-2026-12329 Memory safety bug fixed in Thunderbird ESR 140.12 (5.3 MEDIUM)
  • CVE-2026-12327 Memory safety bugs present in Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151 (7.3 HIGH)
  • CVE-2026-12326 Memory safety bugs present in Firefox 151 and Thunderbird 151 (7.3 HIGH)
  • CVE-2026-12318 Incorrect boundary conditions in the Libraries component in NSS (7.3 HIGH)