Lucene search
K

241 matches found

Veracode
Veracode
โ€ขadded 2025/12/08 7:42 a.m.โ€ข8 views

Interpretation-Conflict

node-forge is vulnerable to an Interpretation-Conflict. The vulnerability is due to crafted ASN.1 structures causing schema desynchronization, where inconsistent parsing can bypass downstream cryptographic checks and security decisions...

8.6CVSS4.7AI score0.00689EPSS
Exploits1References7Affected Software1
Microsoft CVE
Microsoft CVE
โ€ขadded 2025/11/29 9:3 a.m.โ€ข7 views

node-forge ASN.1 Unbounded Recursion

...

8.7CVSS7AI score0.00373EPSS
Exploits0
OSV
OSV
โ€ขadded 2025/11/26 11:15 p.m.โ€ข5 views

UBUNTU-CVE-2025-66030

Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be...

6.3CVSS6.6AI score0.00276EPSS
Exploits0References4
Cvelist
Cvelist
โ€ขadded 2025/11/26 10:23 p.m.โ€ข11 views

CVE-2025-66031 node-forge ASN.1 Unbounded Recursion

Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This...

8.7CVSS0.00373EPSS
Exploits0References2
OSV
OSV
โ€ขadded 2025/11/26 10:7 p.m.โ€ข4 views

GHSA-5GFM-WPXJ-WJGQ node-forge has an Interpretation Conflict vulnerability via its ASN.1 Validator Desynchronization

Summary CVE-2025-12816 has been reserved by CERT/CC Description An Interpretation Conflict CWE-436 vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures to desynchronize schema validations, yielding a semantic divergence that may...

8.7CVSS5.9AI score0.00689EPSS
Exploits1References13
OSV
OSV
โ€ขadded 2025/11/25 8:15 p.m.โ€ข4 views

DEBIAN-CVE-2025-12816

An interpretation-conflict CWE-436 vulnerability in node-forge versions 1.3.1 and earlier enables unauthenticated attackers to craft ASN.1 structures to desynchronize schema validations, yielding a semantic divergence that may bypass downstream cryptographic verifications and security decisions...

8.6CVSS6.5AI score0.00689EPSS
Exploits1References1
OSV
OSV
โ€ขadded 2025/11/25 8:15 p.m.โ€ข4 views

UBUNTU-CVE-2025-12816

An interpretation-conflict CWE-436 vulnerability in node-forge versions 1.3.1 and earlier enables unauthenticated attackers to craft ASN.1 structures to desynchronize schema validations, yielding a semantic divergence that may bypass downstream cryptographic verifications and security decisions...

8.6CVSS6.7AI score0.00689EPSS
Exploits1References8
Snyk
Snyk
โ€ขadded 2025/11/25 7:42 p.m.โ€ข1 views

Interpretation Conflict

Overview org.webjars.npm:node-forge is a WebJar for node-forge. Affected versions of this package are vulnerable to Interpretation Conflict via the asn1.validate function. An attacker can cause schema validation to become desynchronized, resulting in semantic divergence that may allow bypassing...

9.3CVSS6.8AI score0.00689EPSS
Exploits1References2
Positive Technologies
Positive Technologies
โ€ขadded 2025/11/25 12:0 a.m.โ€ข12 views

PT-2025-48075

Name of the Vulnerable Software and Affected Versions node-forge versions 1.3.1 and earlier Description An interpretation-conflict issue exists in node-forge. Unauthenticated attackers can create specific ASN.1 structures that disrupt schema validations. This can lead to a difference in how data ...

9.8CVSS6.5AI score0.01535EPSS
Exploits4References93
CERT
CERT
โ€ขadded 2025/11/25 12:0 a.m.โ€ข7 views

Forge JavaScript library impacted by a vulnerability in signature verification.

Overview The Forge JavaScript library provides TLS-related cryptographic utilities. A vulnerability that allows signature verification to be bypassed through crafted manipulation of ASN.1 structures, particularly in fields such as Message Authentication Code MAC data, was identified. Users of the...

8.6CVSS6.8AI score0.00689EPSS
Exploits1References4
CVE
CVE
โ€ขadded 2025/11/11 12:20 a.m.โ€ข17 views

CVE-2025-42940

CVE-2025-42940 affects SAP CommonCryptoLib. The issue is boundary checks during pre-authentication parsing of manipulated ASN.1 data over the network, leading to memory corruption and an application crash. Impact is high on availability, with no confidentiality or integrity impact stated. Connect...

7.5CVSS6.5AI score0.00405EPSS
Exploits0References2
Positive Technologies
Positive Technologies
โ€ขadded 2025/11/11 12:0 a.m.โ€ข7 views

PT-2025-46240

Name of the Vulnerable Software and Affected Versions SAP CommonCryptoLib affected versions not specified Description SAP CommonCryptoLib does not perform necessary boundary checks during pre-authentication parsing of manipulated ASN.1 data over the network. This can lead to memory corruption and...

7.5CVSS6.5AI score0.00405EPSS
Exploits0References7
Vulnrichment
Vulnrichment
โ€ขadded 2025/10/29 10:10 p.m.โ€ข1 views

CVE-2025-58185 Parsing DER payload can cause memory exhaustion in encoding/asn1

Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion...

6.5AI score0.00526EPSS
Exploits0References4
OSV
OSV
โ€ขadded 2025/10/29 9:50 p.m.โ€ข12 views

GO-2025-4011 Parsing DER payload can cause memory exhaustion in encoding/asn1

Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion...

5.3CVSS6.9AI score0.00526EPSS
Exploits0References3
Rosalinux
Rosalinux
โ€ขadded 2025/10/27 6:20 a.m.โ€ข40 views

Advisory ROSA-SA-2025-3042

Software: gnutls 3.6.16 OS: ROSA Virtualization 3.0 unaffected versions = gnutls-3.6.16-8.0.0.1.rv30.4 affected versions gnutls-3.6.16-8.0.1.1.rv30.4 CVE-ID: CVE-2024-12243 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in GnuTLS when processing ASN.1 data via libtasn1 could result in...

8.2CVSS7AI score0.01245EPSS
Exploits0
Talos
Talos
โ€ขadded 2025/10/16 12:0 a.m.โ€ข8 views

Dell BSAFE Crypto-C GetIndefiniteElementLen stack overflow vulnerability

Talos Vulnerability Report TALOS-2025-2142 Dell BSAFE Crypto-C GetIndefiniteElementLen stack overflow vulnerability October 16, 2025 CVE Number None SUMMARY A stack overflow vulnerability exists in the GetIndefiniteElementLen functionality of Dell BSAFE Crypto-C xxx. A specially crafted ASN.1...

7.5AI score
Exploits0
EUVD
EUVD
โ€ขadded 2025/10/03 8:7 p.m.โ€ข6 views

EUVD-2022-1041

Malicious code in bioql PyPI...

6.3CVSS5.6AI score0.0103EPSS
Exploits1References8
Github Security Blog
Github Security Blog
โ€ขadded 2025/09/29 3:0 p.m.โ€ข7 views

CodeQL zero to hero part 5: Debugging queries

When you're first getting started with CodeQL, you may find yourself in a situation where a query doesn't return the results you expect. Debugging these queries can be tricky, because CodeQL is a Prolog-like language with an evaluation model that's quite different from mainstream languages like...

7.3AI score
Exploits0
Microsoft CVE
Microsoft CVE
โ€ขadded 2025/09/28 8:2 a.m.โ€ข8 views

Squid through 7.1 mishandles ASN.1 encoding of long SNMP OIDs. This occurs in asn_build_objid in lib/snmplib/asn1.c.

...

8.2CVSS7AI score0.00362EPSS
Exploits1
BDU FSTEC
BDU FSTEC
โ€ขadded 2025/09/28 12:0 a.m.โ€ข2 views

The vulnerability of the ASN.1 library Libtasn1, related to algorithmic complexity, allows attackers to cause service failures.

The vulnerability of the ASN.1 library Libtasn1 is related to its algorithmic complexity. Exploiting this vulnerability could allow a malicious actor to cause service failures...

5.3CVSS6.7AI score0.0107EPSS
Exploits0References19Affected Software11
Rows per page
Query Builder