Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in the jsrsasign package before 8.0.18 for Node.js. Its RSA PKCS1 v1.5 decryption implementation does not detect ciphertext modification by prepending '\0' bytes to ciphertexts (it decrypts modified ciphertexts without error). An attacker might prepend these bytes with the goal of triggering memory corruption issues.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
jsrsasign package 缓冲区错误漏洞
Vulnerability Description
jsrsasign package是日本浦岛贤治软件开发者的一款开源的加密库。 jsrsasign package 8.0.18之前版本(Node.js)中存在安全漏洞。攻击者可利用该漏洞导致内存损坏。
CVSS Information
N/A
Vulnerability Type
N/A