LibJWT JWK Parsing Vulnerability in RSA-PSS and Octet Algorithms Allowing Type Confusion
Vulnerability
A vulnerability in LibJWT's JWK parsing for RSA-PSS and Octet (HS) algorithms, present in versions 3.0.0 prior to 3.3.0, allowed type confusion: the parser assumed the relevant fields held JSON string values, so a crafted JWK file could substitute integers for strings and cause the data to be misinterpreted. This issue has been addressed in version 3.3.0. The 2.x series of LibJWT is not affected, as it lacks JWK parsing functionality.
Impact
Exploitation of this vulnerability could lead to type confusion, where the parser incorrectly interprets data types, potentially causing logical errors or unexpected behavior in applications that rely on the affected JWK parsing functionality.
Reproduction
To reproduce this vulnerability, create a JWK file for RSA-PSS or Octet (HS) algorithms that includes integers in fields expected to contain strings. Import this JWK file using a version of LibJWT between 3.0.0 and 3.3.0.
Remediation
Users should update to LibJWT version 3.3.0 or later. For those who cannot update, it is recommended to avoid using JWK files from untrusted sources and to refrain from using JWK files with RSA-PSS or HS keys.
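As an added example (not LibJWT code, and not part of the original advisory), the following Python pre-check rejects a JWK or JWK Set in which a field that RFC 7517/7518 define as a string carries another JSON type, which is the malformed input the advisory describes. The field list is taken from the RFCs and is an assumption; the advisory does not state which fields LibJWT 3.x reads.

```python
import json

# Fields that RFC 7517/7518 define as JSON strings. Which of these LibJWT 3.x
# actually reads is not stated in the advisory, so this list is an assumption.
STRING_FIELDS = {
    "common": ("kty", "kid", "alg", "use"),
    "RSA": ("n", "e", "d", "p", "q", "dp", "dq", "qi"),   # used for PS256/384/512
    "oct": ("k",),                                        # used for HS256/384/512
}

def jwk_type_errors(jwk):
    """Return (field, json_type) pairs for string fields that are not strings."""
    errors = []
    expected = list(STRING_FIELDS["common"])
    kty = jwk.get("kty")
    if kty in ("RSA", "oct"):
        expected += STRING_FIELDS[kty]
    for field in expected:
        if field in jwk and not isinstance(jwk[field], str):
            errors.append((field, type(jwk[field]).__name__))
    return errors

def load_jwks_strict(text):
    """Parse a single JWK or a JWK Set; raise ValueError on any mistyped field."""
    doc = json.loads(text)
    keys = doc["keys"] if isinstance(doc, dict) and "keys" in doc else [doc]
    for idx, key in enumerate(keys):
        if not isinstance(key, dict):
            raise ValueError(f"key {idx}: not a JSON object")
        errs = jwk_type_errors(key)
        if errs:
            detail = ", ".join(f"{f} is {t}" for f, t in errs)
            raise ValueError(f"key {idx}: non-string values: {detail}")
    return keys

def check(text):
    """Convenience wrapper: 'ok' for a clean document, else the rejection reason."""
    try:
        load_jwks_strict(text)
        return "ok"
    except ValueError as exc:
        return str(exc)

# Constructed samples: a well-formed HS key, the same key with an integer "k",
# and an RSA (PS256) key set whose "e" is an integer instead of a base64url string.
GOOD_OCT = '{"kty":"oct","kid":"hs1","alg":"HS256","k":"c2VjcmV0"}'
BAD_OCT = '{"kty":"oct","kid":"hs1","alg":"HS256","k":12345}'
BAD_RSA = '{"keys":[{"kty":"RSA","alg":"PS256","n":"AQAB","e":65537}]}'

if __name__ == "__main__":
    for sample in (GOOD_OCT, BAD_OCT, BAD_RSA):
        print(check(sample))
```

Run such a check on any JWK file from an external source before handing it to a LibJWT version that cannot yet be upgraded.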