kjur jsrsasign
cpe:2.3:a:jsrsasign_project:jsrsasign:*:*:*:*:node.js:*:*
- < 11.1.1
A denial-of-service vulnerability has been identified in the jsrsasign package, affecting all versions prior to 11.1.1. The issue arises in the BigInteger.modInverse function within ext/jsbn2.js, where the implementation enters an infinite loop when zero or negative inputs are provided. This flaw allows an attacker to permanently hang the process by supplying such crafted values, effectively blocking the Node.js event loop without any timeout or recovery.
Successful exploitation results in an infinite loop that hangs the Node.js process permanently: the event loop is blocked, and because there is no built-in timeout or recovery mechanism, the application freezes.
The vulnerability can be reproduced by calling BigInteger.modInverse with a zero or negative value: create a BigInteger instance holding that value and call modInverse on it with a modulus; the choice of modulus does not mitigate the issue. For example, modInverse(0, 3) or modInverse(-1, 7) will trigger the infinite loop.
Users are advised to upgrade the jsrsasign package to version 11.1.1 or higher, where this vulnerability has been fixed.
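For applications that cannot upgrade immediately, the usual defence is to validate operands before they reach the library. The following is an added example, not jsrsasign's own code: a modular inverse over native BigInt (extended Euclidean algorithm) that handles exactly the inputs the advisory describes, reducing negative values into range and rejecting zero and non-invertible values with an error instead of looping. The function names are this example's own.

```javascript
// Added example (not jsrsasign's code): bounded modular inverse over BigInt.
// Every loop below terminates in O(log m) steps regardless of input sign.

// Extended Euclidean algorithm: returns [g, x, y] with a*x + b*y = g = gcd(a, b).
function extendedGcd(a, b) {
  let [oldR, r] = [a, b];
  let [oldS, s] = [1n, 0n];
  let [oldT, t] = [0n, 1n];
  while (r !== 0n) {
    const q = oldR / r; // BigInt division truncates; operands are non-negative here
    [oldR, r] = [r, oldR - q * r];
    [oldS, s] = [s, oldS - q * s];
    [oldT, t] = [t, oldT - q * t];
  }
  return [oldR, oldS, oldT];
}

// Safe modular inverse of a modulo m. The cases that hung the vulnerable
// BigInteger.modInverse (a == 0, negative a) are handled explicitly.
function safeModInverse(a, m) {
  if (typeof a !== 'bigint' || typeof m !== 'bigint') {
    throw new TypeError('inputs must be BigInt');
  }
  if (m <= 1n) {
    throw new RangeError('modulus must be greater than 1');
  }
  // Reduce a into [0, m): -1 mod 7 becomes 6, which does have an inverse.
  const aNorm = ((a % m) + m) % m;
  if (aNorm === 0n) {
    // Zero has no inverse modulo any m; this is the input that looped forever.
    throw new RangeError('0 has no modular inverse');
  }
  const [g, x] = extendedGcd(aNorm, m);
  if (g !== 1n) {
    throw new RangeError(`no inverse: gcd(${aNorm}, ${m}) = ${g}`);
  }
  return ((x % m) + m) % m;
}

// Non-throwing wrapper, convenient for validating a batch of operands up front.
function describeModInverse(a, m) {
  try {
    return { ok: true, value: safeModInverse(a, m) };
  } catch (e) {
    return { ok: false, reason: e.message };
  }
}
```

Both inputs from the advisory, (0, 3) and (-1, 7), return promptly: the first is rejected as having no inverse, the second yields 6.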