Astra Linux - уязвимость в mbedtls

A issue was discovered in Arm Mbed TLS before version 2.24.0. The function mbedtlsx509crlparseder has a buffer over-read of one byte...

Astra Linux - уязвимость в libtasn1-6

GNU Libtasn1 before 4.19.0 has an ETYPEOK off-by-one array size check that affects asn1encodesimpleder...

OESA-2026-1839 python-ecdsa security update

This is an easy-to-use implementation of ECDSA cryptography Elliptic Curve Digital Signature Algorithm, implemented purely in Python, released under the MIT license. With this library, you can quickly create keypairs signing key and verifying key, sign messages, and verify the signatures. The key...

[SECURITY] Fedora 44 Update: libtasn1-4.21.0-1.fc44

A library that provides Abstract Syntax Notation One ASN.1, as specified by the X.680 ITU-T recommendation parsing and structures management, and Distinguished Encoding Rules DER, as per X.690 encoding and decoding functi ons...

CVE-2026-33936

The ecdsa PyPI package is a pure Python implementation of ECC Elliptic Curve Cryptography with support for ECDSA Elliptic Curve Digital Signature Algorithm, EdDSA Edwards-curve Digital Signature Algorithm and ECDH Elliptic Curve Diffie-Hellman. Prior to version 0.19.2, an issue in the low-level D...

CVE-2026-33936

CVE-2026-33936 affects the Python package python-ecdsa (pre-0.19.2). A flaw in the low-level DER parsing (remove_octet_string) can cause generated truncated DER inputs to be accepted, allowing SigningKey.from_der() to raise an internal IndexError instead of rejecting malformed data, potentially c...

CVE-2026-33936

The ecdsa PyPI package is a pure Python implementation of ECC Elliptic Curve Cryptography with support for ECDSA Elliptic Curve Digital Signature Algorithm, EdDSA Edwards-curve Digital Signature Algorithm and ECDH Elliptic Curve Diffie-Hellman. Prior to version 0.19.2, an issue in the low-level D...

📄 OpenSSL 3.x ASN.1 AES‑GCM Nonce Stack Corruption

This Metasploit auxiliary module generates a specially crafted CMS file encoded in DER format to test a stack-based buffer overflow vulnerability in OpenSSL's ASN.1 parser related to improper handling of oversized AES-GCM nonce IV values within AES-GCM-Parameters as defined in RFC 5084. The...

Uncontrolled Recursion

Overview org.webjars.npm:node-forge is a WebJar for node-forge. Affected versions of this package are vulnerable to Uncontrolled Recursion via the fromDer function in asn1.js, which lacks recursion depth. An attacker can cause stack exhaustion and disrupt service availability by submitting...

EUVD-2014-1645

Malware in sbrugna...

EUVD-2016-3068

Malware in sbrugna...

EUVD-2020-0076

Malware in sbrugna...

RLSA-2025:7077 Moderate: libtasn1 security update

A library that provides Abstract Syntax Notation One ASN.1, as specified by the X.680 ITU-T recommendation parsing and structures management, and Distinguished Encoding Rules DER, as per X.690 encoding and decoding functions. Security Fixes: libtasn1: Inefficient DER Decoding in libtasn1 Leading ...

ALSA-2025:7077 Moderate: libtasn1 security update

A library that provides Abstract Syntax Notation One ASN.1, as specified by the X.680 ITU-T recommendation parsing and structures management, and Distinguished Encoding Rules DER, as per X.690 encoding and decoding functions. Security Fixes: libtasn1: Inefficient DER Decoding in libtasn1 Leading ...

CVE-2025-32029

ts-asn1-der is a collection of utility classes to encode ASN.1 data following DER rule. Incorrect number DER encoding can lead to denial on service for absolute values in the range 231 -- 232 - 1. The arithmetic in the numBitLen didn't take into account that values in this range could result in a...

GHSA-P4QW-7J9G-5H53 ts-asn1-der has Incorrect DER Encoding of Numbers Leading to Denial of Service and Incorrect Value Representation

Impact Incorrect number DER encoding can lead to denial on service for absolute values in the range 231 -- 232 - 1. The arithmetic in the numBitLen didn't take into account that values in this range could result in a negative result upon applying the operator, leading to an infinite loop. In...

ts-asn1-der has Incorrect DER Encoding of Numbers Leading to Denial of Service and Incorrect Value Representation

Impact Incorrect number DER encoding can lead to denial on service for absolute values in the range 231 -- 232 - 1. The arithmetic in the numBitLen didn't take into account that values in this range could result in a negative result upon applying the operator, leading to an infinite loop. In...

CVE-2025-32029 ts-asn1-der has Incorrect DER Encoding of Numbers Leading to Denial of Service and Incorrect Value Representation

ts-asn1-der is a collection of utility classes to encode ASN.1 data following DER rule. Incorrect number DER encoding can lead to denial on service for absolute values in the range 231 -- 232 - 1. The arithmetic in the numBitLen didn't take into account that values in this range could result in a...

CVE-2025-32029

The CVE-2025-32029 entry concerns ts-asn1-der, a library for encoding ASN.1 data in DER. A bug in the DER encoding of numbers arises from arithmetic in the numBitLen function: for absolute values in the range 231 to 2 32-1, the >> operation can yield a negative result, causing an infinite l...

PT-2025-15291 · Unknown · Ts-Asn1-Der

Name of the Vulnerable Software and Affected Versions: ts-asn1-der versions prior to 1.0.4 Description: The issue is related to incorrect number DER encoding, which can lead to denial of service for absolute values in the range 231 to 232 - 1. This is due to the arithmetic in the numBitLen not...