Impact
The vulnerability originates in the Miller‑Rabin primality routine used by the Deno crypto module. When the 'checks' option defaults to zero, the function performs no probabilistic rounds and relies solely on trial division by primes up to 17,863. Any composite number whose smallest prime divisor exceeds that bound—such as the product of 17,881 and 17,891—incorrectly passes as probably prime. This flaw, classified as CWE‑325, allows developers to generate cryptographic key candidates that are not truly prime, weakening the security of asymmetric algorithms and exposing systems to factorization attacks. The issue affects the node:crypto.checkPrime and related native ops and is fixed in Deno version 2.8.1.
Affected Systems
Vendors and products affected are Deno, maintained by denoland:deno, for all releases prior to version 2.8.1. The vulnerability is present in Deno 2.8.0 and earlier, regardless of operating system or environment, because the flawed function is part of the core runtime.
Risk and Exploitability
The CVSS score of 7.4 indicates a high severity. The EPSS score is not listed, so the current data does not specify exploitation probability. The vulnerability is not in the CISA KEV catalog. Based on the description, it is inferred that the attack vector requires execution of code that calls the affected crypto.checkPrime APIs, meaning the threat is limited to applications running with the vulnerable Deno runtime. An attacker could use the function to generate insecure keys or supply crafted parameters that bypass the intended security checks. However, no publicly available exploits are reported, and mitigation is simply to update to a fixed release.
OpenCVE Enrichment
Github GHSA