Lucene search
K

4 matches found

Snyk
Snyk
added 2025/11/26 10:43 p.m.1 views

Integer Overflow or Wraparound

Overview org.webjars.npm:node-forge is a WebJar for node-forge. Affected versions of this package are vulnerable to Integer Overflow or Wraparound via the derToOid function in the asn1.js file, which decodes ASN.1 structures containing OIDs with oversized arcs. An attacker can bypass security...

6.3CVSS6.4AI score0.00276EPSS
Exploits0References2
Snyk
Snyk
added 2025/11/26 10:43 p.m.2 views

Integer Overflow or Wraparound

Overview node-forge is a JavaScript implementations of network transports, cryptography, ciphers, PKI, message digests, and various utilities. Affected versions of this package are vulnerable to Integer Overflow or Wraparound via the derToOid function in the asn1.js file, which decodes ASN.1...

6.3CVSS6.8AI score0.00276EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2025/11/26 10:7 p.m.9 views

node-forge is vulnerable to ASN.1 OID Integer Truncation

Summary MITRE-Formatted CVE Description An Integer Overflow CWE-190 vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwis...

6.3CVSS6.8AI score0.00276EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2025/11/26 10:7 p.m.1 views

GHSA-65CH-62R8-G69G node-forge is vulnerable to ASN.1 OID Integer Truncation

Summary MITRE-Formatted CVE Description An Integer Overflow CWE-190 vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwis...

6.3CVSS6.4AI score0.00276EPSS
Exploits0References4
Rows per page
Query Builder