kjur jsrsasign
cpe:2.3:a:jsrsasign_project:jsrsasign:*:*:*:*:node.js:*:*
- < 11.1.1
A division by zero vulnerability has been identified in the jsrsasign cryptographic library, affecting versions prior to 11.1.1. The issue arises in the RSA public key parsing process, where a JSON Web Key (JWK) whose modulus decodes to zero can be accepted. Once such a malformed key is accepted, RSA operations that use it, such as verification and encryption, produce a deterministic output of zero. The vulnerability is compounded by the library's BigInteger division logic, which silently returns zero instead of throwing an error. As a result, applications that import RSA keys from untrusted sources and rely on the library's validation may unknowingly accept invalid keys, potentially undermining the confidentiality of encrypted data.
Exploitation of this vulnerability allows for the acceptance of zero-modulus RSA keys, which can cause RSA operations to produce incorrect results, such as always returning zero. This behavior can be exploited to create key-substitution attacks in contexts where an attacker can influence the public key used for encryption, effectively undermining the confidentiality of the encrypted data.
The vulnerability can be reproduced by importing a JWK that contains a modulus value of zero into an application using jsrsasign version 11.1.0 or earlier. This can be done by encoding a zero byte in base64url format and including it in the JWK as the modulus. Once the key is imported, any RSA operation that uses the public key will return zero, demonstrating the flawed handling of the zero modulus.
Users can upgrade to jsrsasign version 11.1.1 or later, where this vulnerability has been fixed.
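For applications that import RSA JWKs from untrusted sources, a pre-import check that decodes the modulus and rejects the zero value described above adds a layer of defence independent of the library version. This is an added example in plain Node.js, not code from jsrsasign; the 2048-bit minimum and the sample JWKs are constructed assumptions.

```javascript
// Added example (not jsrsasign code): reject RSA JWKs whose modulus "n"
// decodes to zero, before handing the key to any crypto library.
// Assumes Node.js (Buffer, BigInt); JWK field names follow RFC 7517/7518.

function base64urlDecode(s) {
  if (typeof s !== 'string' || !/^[A-Za-z0-9_-]*$/.test(s)) {
    throw new Error('modulus is not base64url');
  }
  const b64 = s.replace(/-/g, '+').replace(/_/g, '/');
  const padded = b64 + '='.repeat((4 - (b64.length % 4)) % 4);
  return Buffer.from(padded, 'base64');
}

function base64urlEncode(buf) {
  return buf.toString('base64').replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

function bufferToBigInt(buf) {
  return buf.length === 0 ? 0n : BigInt('0x' + buf.toString('hex'));
}

// Returns the modulus as a BigInt when the JWK passes, otherwise throws.
// Zero (any length of zero bytes, or an empty string) is the advisory's case;
// an even modulus cannot be a product of two odd primes, and the minimum
// bit length (assumed 2048 here) is a policy choice for the caller.
function checkRsaJwkModulus(jwk, minBits = 2048) {
  if (!jwk || jwk.kty !== 'RSA') throw new Error('not an RSA JWK');
  const n = bufferToBigInt(base64urlDecode(jwk.n));
  if (n === 0n) throw new Error('RSA modulus decodes to zero');
  if (n % 2n === 0n) throw new Error('RSA modulus must be odd');
  if (n.toString(2).length < minBits) throw new Error(`RSA modulus shorter than ${minBits} bits`);
  return n;
}

function isAcceptable(jwk, minBits) {
  try { checkRsaJwkModulus(jwk, minBits); return true; } catch (e) { return false; }
}

// Constructed sample: the zero-byte modulus from the advisory ("AA" is base64url of 0x00).
const ZERO_MODULUS_JWK = { kty: 'RSA', n: 'AA', e: 'AQAB' };
// Constructed sample of acceptable shape (2048 bits, odd); not a real key.
const DUMMY_OK_JWK = { kty: 'RSA', n: base64urlEncode(Buffer.alloc(256, 0xff)), e: 'AQAB' };

module.exports = { base64urlDecode, checkRsaJwkModulus, isAcceptable, ZERO_MODULUS_JWK, DUMMY_OK_JWK };
```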