sha.js Improper Input Validation Vulnerability Allowing Input Data Manipulation
Vulnerability
A vulnerability in sha.js, prior to version 2.4.11, exists due to improper input validation. This flaw allows for input data manipulation, which can lead to various issues, including hash state rewinding and the introduction of crafted data that is processed as if it were legitimate.
Impact
Exploitation of this vulnerability causes a critical hash state rewind, allowing an attacker to manipulate hashed data in a way that could be exploited in cryptographic libraries that rely on the hash. This could lead to private key extraction in some cases. Additionally, the vulnerability causes a denial-of-service condition when invalid data is processed.
Reproduction
The vulnerability can be reproduced by passing a typed array directly to the hash update method, an input type that older versions of Node.js do not support. It can also be reproduced with a payload of maliciously formatted data, such as a JSON string that, when parsed, creates an array-like object with invalid length properties. Feeding this crafted data into the hashing function demonstrates how the vulnerability manipulates the hash calculation.
Remediation
Users can upgrade to sha.js version 2.4.12 to address this vulnerability.
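As defence in depth alongside the upgrade, callers can refuse to hash anything that is not real byte data. The following is an added example, not code from sha.js or from this advisory: the names toHashInput, safeUpdate and checkSamples are hypothetical, the hash argument is any object with an update() method, and the JSON samples are constructed.

```javascript
'use strict';
// Added example: a guard placed in front of a hash object's update() call.
// toHashInput / safeUpdate / checkSamples are hypothetical names, not sha.js API.

// Normalize accepted input to a Buffer; throw on anything else.
function toHashInput(data, encoding = 'utf8') {
  if (typeof data === 'string') return Buffer.from(data, encoding);
  if (Buffer.isBuffer(data)) return data;
  // Typed arrays and DataView: wrap exactly the bytes the view covers,
  // not the whole backing ArrayBuffer and not the element values.
  if (ArrayBuffer.isView(data)) {
    return Buffer.from(data.buffer, data.byteOffset, data.byteLength);
  }
  if (data instanceof ArrayBuffer) return Buffer.from(data);
  // Plain objects, arrays and array-likes (for example from JSON.parse)
  // carry a caller-controlled "length"; they never reach update().
  throw new TypeError(
    'hash input must be a string, Buffer, TypedArray, DataView or ArrayBuffer'
  );
}

// Call hash.update() only with validated, normalized bytes.
function safeUpdate(hash, data, encoding) {
  hash.update(toHashInput(data, encoding));
  return hash;
}

// Constructed samples: values a JSON request body can deserialize into.
function checkSamples() {
  const samples = [
    '"plain text"',        // string: accepted
    '{"length": -1}',      // array-like with invalid length: rejected
    '{"length": "x"}',     // array-like with non-numeric length: rejected
    '[1, 2, 3]',           // plain array, not byte data: rejected
  ];
  return samples.map((json) => {
    try {
      toHashInput(JSON.parse(json));
      return 'accepted';
    } catch (err) {
      return 'rejected';
    }
  });
}
```

Rejecting by type rather than inspecting the length property keeps the check independent of how any particular hash implementation interprets array-like input.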
