Home > Vulnerability Database > CVE-2025-32029

Mend.io Vulnerability Database

CVE-2025-32029

Good to know:

Date: April 7, 2025

ts-asn1-der is a collection of utility classes to encode ASN.1 data following DER rule. Incorrect number DER encoding can lead to denial on service for absolute values in the range 231 -- 232 - 1. The arithmetic in the numBitLen didn't take into account that values in this range could result in a negative result upon applying the >> operator, leading to an infinite loop. The issue is patched in version 1.0.4. If upgrading is not an option, the issue can be mitigated by validating inputs to Asn1Integer to ensure that they are not smaller than -231 + 1 and no larger than 231 - 1.

Severity Score

6.2

Related Resources (5)

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-32029

Url: https://github.com/ApelegHQ/ts-asn1-der/security/advisories/GHSA-p4qw-7j9g-5h53

Url: https://github.com/ApelegHQ/ts-asn1-der

Url: https://github.com/ApelegHQ/ts-asn1-der/commit/b2bc9032cbe19755d234a27d79e47a7e52993af8

Url: https://www.mend.io/vulnerability-database/CVE-2025-32029

Severity Score

6.2

Weakness Type (CWE)

Loop with Unreachable Exit Condition ('Infinite Loop')

CWE-835

Incorrect Bitwise Shift of Integer

CWE-1335

Top Fix

Upgrade Version

Upgrade to version @apeleghq/asn1-der - 1.0.4;@apeleghq/asn1-der - 1.0.4;https://github.com/ApelegHQ/ts-asn1-der.git - 1.0.4

Learn More

CVSS v3.1

Base Score:	6.2
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-32029

Good to know:

Date: April 7, 2025

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?