icon

We found results for “

CVE-2025-32029

Good to know:

icon

Date: April 7, 2025

ts-asn1-der is a collection of utility classes to encode ASN.1 data following DER rule. Incorrect number DER encoding can lead to denial on service for absolute values in the range 231 -- 232 - 1. The arithmetic in the numBitLen didn't take into account that values in this range could result in a negative result upon applying the >> operator, leading to an infinite loop. The issue is patched in version 1.0.4. If upgrading is not an option, the issue can be mitigated by validating inputs to Asn1Integer to ensure that they are not smaller than -231 + 1 and no larger than 231 - 1.

Severity Score

Severity Score

Weakness Type (CWE)

Loop with Unreachable Exit Condition ('Infinite Loop')

CWE-835

Incorrect Bitwise Shift of Integer

CWE-1335

Top Fix

icon

Upgrade Version

Upgrade to version @apeleghq/asn1-der - 1.0.4;@apeleghq/asn1-der - 1.0.4;https://github.com/ApelegHQ/ts-asn1-der.git - 1.0.4

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): LOCAL
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): HIGH

Do you need more information?

Contact Us