GHSA-P4QW-7J9G-5H53

Vulnerability from github – Published: 2025-04-07 21:11 – Updated: 2025-04-08 17:49
VLAI?
Summary
ts-asn1-der has Incorrect DER Encoding of Numbers Leading to Denial of Service and Incorrect Value Representation
Details

Impact

Incorrect number DER encoding can lead to denial on service for absolute values in the range 2**31 -- 2**32 - 1. The arithmetic in the numBitLen didn't take into account that values in this range could result in a negative result upon applying the >> operator, leading to an infinite loop.

In addition, number encoding had a few other issues that resulted it in it not encoding values correctly.

Patches

The issue is patched in version 1.0.4. Users are recommended to upgrade as soon as possible.

Workarounds

If upgrading is not an option, the issue can be mitigated by validating inputs to Asn1Integer to ensure that they are not smaller than -2**31 + 1 and no larger than 2**31 - 1. Although Asn1Integer supports bigint inputs, some additional implementation issues make using bigint as a mitigation inviable, as it will result in incorrect values.

If upgrading is not an option and range checks are impractical or undesirable, input to Asn1Integer can be provided as a buffer to be used directly. Note that this requires computing the correct DER encoding externally.

References

N/A

Severity ?
6.9 (Medium)
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Show details on source website
To clipboard 

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "@apeleghq/asn1-der"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.0.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-32029"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1335",
      "CWE-835"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-04-07T21:11:19Z",
    "nvd_published_at": "2025-04-07T21:15:42Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\n\nIncorrect `number` DER encoding can lead to denial on service for absolute values in the range `2**31` -- `2**32 - 1`. The arithmetic in the `numBitLen` didn\u0027t take into account that values in this range could result in a negative result upon applying the `\u003e\u003e` operator, leading to an infinite loop.\n\nIn addition, `number` encoding had a few other issues that resulted it in it not encoding values correctly.\n\n### Patches\n\nThe issue is patched in version `1.0.4`. Users are recommended to upgrade as soon as possible.\n\n### Workarounds\n\nIf upgrading is not an option, the issue can be mitigated by validating inputs to `Asn1Integer` to ensure that they are not smaller than `-2**31 + 1` and no larger than `2**31 - 1`. Although `Asn1Integer` supports `bigint` inputs, some additional implementation issues make using `bigint` as a mitigation inviable, as it will result in incorrect values.\n\nIf upgrading is not an option and range checks are impractical or undesirable, input to `Asn1Integer` can be provided as a buffer to be used directly. Note that this requires computing the correct DER encoding externally.\n\n### References\n\nN/A",
  "id": "GHSA-p4qw-7j9g-5h53",
  "modified": "2025-04-08T17:49:39Z",
  "published": "2025-04-07T21:11:19Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/ApelegHQ/ts-asn1-der/security/advisories/GHSA-p4qw-7j9g-5h53"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32029"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ApelegHQ/ts-asn1-der/commit/b2bc9032cbe19755d234a27d79e47a7e52993af8"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/ApelegHQ/ts-asn1-der"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "ts-asn1-der has Incorrect DER Encoding of Numbers Leading to Denial of Service and Incorrect Value Representation"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.