233 matches found
AZL-71134 CVE-2025-66031 affecting package reaper for versions less than 3.1.1-21
Forge (also called node-forge) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This...
DEBIAN-CVE-2025-66030
Forge (also called node-forge) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be...
AZL-71131 CVE-2025-66030 affecting package reaper for versions less than 3.1.1-21
Forge (also called node-forge) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be...
CVE-2025-66031
Forge (also called node-forge) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This...
DEBIAN-CVE-2025-66031
Forge (also called node-forge) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This...
UBUNTU-CVE-2025-66031
Forge (also called node-forge) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This...
UBUNTU-CVE-2025-66030
Forge (also called node-forge) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be...
-fides-amor-et-lux (=1.0.0), 20_nogo (>=1.0.0 <=1.1.4) +1080 more potentially affected by CVE-2025-66031 via node-forge (>=1.0.0 <=1.3.1)
node-forge NPM version =1.0.0, =1.0.0, =7.10.2-para-beta.0, =1.3.0-patch.0, =1.1.0, =1.2.1, =1.0.0, =1.2.6, =1.23.2, =3.0.0-alpha.0, =3.1.0, =3.11.0-rc.1 and more Source cves: CVE-2025-66031 Source advisory: SNYK:JS-NODEFORGE-14125745...
Uncontrolled Recursion
Overview: node-forge is a JavaScript implementation of network transports, cryptography, ciphers, PKI, message digests, and various utilities. Affected versions of this package are vulnerable to Uncontrolled Recursion via the fromDer function in asn1.js, which lacks recursion depth. An attacker c...
Uncontrolled Recursion
Overview: org.webjars.npm:node-forge is a WebJar for node-forge. Affected versions of this package are vulnerable to Uncontrolled Recursion via the fromDer function in asn1.js, which lacks recursion depth. An attacker can cause stack exhaustion and disrupt service availability by submitting...
-fides-amor-et-lux (=1.0.0), 20_nogo (>=1.0.0 <=1.1.4) +1080 more potentially affected by CVE-2025-66030 via node-forge (>=1.0.0 <=1.3.1)
node-forge NPM version =1.0.0, =1.0.0, =7.10.2-para-beta.0, =1.3.0-patch.0, =1.1.0, =1.2.1, =1.0.0, =1.2.6, =1.23.2, =3.0.0-alpha.0, =3.1.0, =3.11.0-rc.1 and more Source cves: CVE-2025-66030 Source advisory: SNYK:JS-NODEFORGE-14125097...
Integer Overflow or Wraparound
Overview: node-forge is a JavaScript implementation of network transports, cryptography, ciphers, PKI, message digests, and various utilities. Affected versions of this package are vulnerable to Integer Overflow or Wraparound via the derToOid function in the asn1.js file, which decodes ASN.1...
Integer Overflow or Wraparound
Overview: org.webjars.npm:node-forge is a WebJar for node-forge. Affected versions of this package are vulnerable to Integer Overflow or Wraparound via the derToOid function in the asn1.js file, which decodes ASN.1 structures containing OIDs with oversized arcs. An attacker can bypass security...
CVE-2025-66030 node-forge ASN.1 OID Integer Truncation
Forge (also called node-forge) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be...
EUVD-2025-199768
Forge (also called node-forge) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be...
CVE-2025-66030
CVE-2025-66030 (node-forge) is a vulnerability in the Forge/node-forge TLS implementation for JavaScript. The issue is an integer overflow in versions 1.3.1 and earlier, allowing remote, unauthenticated attackers to craft ASN.1 structures with oversized arcs. These arcs can be decoded as smaller...
CVE-2025-66030
Forge (also called node-forge) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be...
CVE-2025-66030 node-forge ASN.1 OID Integer Truncation
Forge (also called node-forge) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be...
CVE-2025-66030 node-forge ASN.1 OID Integer Truncation
Forge (also called node-forge) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be...
EUVD-2025-199767
Forge (also called node-forge) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This...