4 matches found
Integer Overflow or Wraparound
Overview org.webjars.npm:node-forge is a WebJar for node-forge. Affected versions of this package are vulnerable to Integer Overflow or Wraparound via the derToOid function in the asn1.js file, which decodes ASN.1 structures containing OIDs with oversized arcs. An attacker can bypass security...
Integer Overflow or Wraparound
Overview node-forge is a JavaScript implementations of network transports, cryptography, ciphers, PKI, message digests, and various utilities. Affected versions of this package are vulnerable to Integer Overflow or Wraparound via the derToOid function in the asn1.js file, which decodes ASN.1...
node-forge is vulnerable to ASN.1 OID Integer Truncation
Summary MITRE-Formatted CVE Description An Integer Overflow CWE-190 vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwis...
GHSA-65CH-62R8-G69G node-forge is vulnerable to ASN.1 OID Integer Truncation
Summary MITRE-Formatted CVE Description An Integer Overflow CWE-190 vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwis...