How severe is CVE-2021-29446?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.9 out of 10.

What type of vulnerability is CVE-2021-29446?

This is classified as CWE-203, which is a common weakness in software security.

CVE-2021-29446 - MEDIUM Severity | CVSS 5.9

Vulnerability Description

jose-node-cjs-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) decryption would always execute both HMAC tag verification and CBC decryption, if either failed `JWEDecryptionFailed` would be thrown. But a possibly observable difference in timing when padding error would occur while decrypting the ciphertext makes a padding oracle and an adversary might be able to make use of that oracle to decrypt data without knowing the decryption key by issuing on average 128*b calls to the padding oracle (where b is the number of bytes in the ciphertext block). A patch was released which ensures the HMAC tag is verified before performing CBC decryption. The fixed versions are `>=3.11.4`. Users should upgrade to `^3.11.4`.

Related Vulnerabilities

CVE-2015-0837

MEDIUM

CVSS:5.9(Medium)

The mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during mod...

CWE-2032015

CVE-2015-8313

MEDIUM

CVSS:5.9(Medium)

GnuTLS incorrectly validates the first byte of padding in CBC modes

CWE-2032015

CVE-2016-0762

MEDIUM

CVSS:5.9(Medium)

The Realm implementations in Apache Tomcat versions 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not process the supplied password if the supplied...

CWE-2032016

CVE-2017-1000385

MEDIUM

CVSS:5.9(Medium)

The Erlang otp TLS server answers with different TLS alerts to different error types in the RSA PKCS #1 1.5 padding. This allows an attacker to decrypt content or sign messages with the server's priva...

CWE-2032017

CVE-2017-13098

MEDIUM

CVSS:5.9(Medium)

BouncyCastle TLS prior to version 1.0.3, when configured to use the JCE (Java Cryptography Extension) for cryptographic functions, provides a weak Bleichenbacher oracle when any TLS cipher suite using...

CWE-2032017

CVE-2017-13099

MEDIUM

CVSS:5.9(Medium)

wolfSSL prior to version 3.12.2 provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable wolfSSL ...

CWE-2032017