ghsa-p4qw-7j9g-5h53
Vulnerability from github
Published
2025-04-07 21:11
Modified
2025-04-08 17:49
Severity ?
6.9 (Medium) - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Summary
ts-asn1-der has Incorrect DER Encoding of Numbers Leading to Denial of Service and Incorrect Value Representation
Details

Impact

Incorrect number DER encoding can lead to denial on service for absolute values in the range 2**31 -- 2**32 - 1. The arithmetic in the numBitLen didn't take into account that values in this range could result in a negative result upon applying the >> operator, leading to an infinite loop.

In addition, number encoding had a few other issues that resulted it in it not encoding values correctly.

Patches

The issue is patched in version 1.0.4. Users are recommended to upgrade as soon as possible.

Workarounds

If upgrading is not an option, the issue can be mitigated by validating inputs to Asn1Integer to ensure that they are not smaller than -2**31 + 1 and no larger than 2**31 - 1. Although Asn1Integer supports bigint inputs, some additional implementation issues make using bigint as a mitigation inviable, as it will result in incorrect values.

If upgrading is not an option and range checks are impractical or undesirable, input to Asn1Integer can be provided as a buffer to be used directly. Note that this requires computing the correct DER encoding externally.

References

N/A

Show details on source website

To clipboard 

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "@apeleghq/asn1-der"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.0.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-32029"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1335",
      "CWE-835"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-04-07T21:11:19Z",
    "nvd_published_at": "2025-04-07T21:15:42Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\n\nIncorrect `number` DER encoding can lead to denial on service for absolute values in the range `2**31` -- `2**32 - 1`. The arithmetic in the `numBitLen` didn\u0027t take into account that values in this range could result in a negative result upon applying the `\u003e\u003e` operator, leading to an infinite loop.\n\nIn addition, `number` encoding had a few other issues that resulted it in it not encoding values correctly.\n\n### Patches\n\nThe issue is patched in version `1.0.4`. Users are recommended to upgrade as soon as possible.\n\n### Workarounds\n\nIf upgrading is not an option, the issue can be mitigated by validating inputs to `Asn1Integer` to ensure that they are not smaller than `-2**31 + 1` and no larger than `2**31 - 1`. Although `Asn1Integer` supports `bigint` inputs, some additional implementation issues make using `bigint` as a mitigation inviable, as it will result in incorrect values.\n\nIf upgrading is not an option and range checks are impractical or undesirable, input to `Asn1Integer` can be provided as a buffer to be used directly. Note that this requires computing the correct DER encoding externally.\n\n### References\n\nN/A",
  "id": "GHSA-p4qw-7j9g-5h53",
  "modified": "2025-04-08T17:49:39Z",
  "published": "2025-04-07T21:11:19Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/ApelegHQ/ts-asn1-der/security/advisories/GHSA-p4qw-7j9g-5h53"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32029"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ApelegHQ/ts-asn1-der/commit/b2bc9032cbe19755d234a27d79e47a7e52993af8"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/ApelegHQ/ts-asn1-der"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "ts-asn1-der has Incorrect DER Encoding of Numbers Leading to Denial of Service and Incorrect Value Representation"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.