CVE-2025-66031 node-forge ASN.1 Unbounded Recursion

Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This...

CVE-2025-66031 node-forge ASN.1 Unbounded Recursion

Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This...

CVE-2025-66031 node-forge ASN.1 Unbounded Recursion

Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This...

CVE-2025-66031

CVE-2025-66031 pertains to the node-forge (Forge) library. An Uncontrolled Recursion vulnerability in node-forge

CVE-2025-66031

Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This...

-fides-amor-et-lux (=1.0.0), -tompan-reacttemplate (>=1.0.1 <=1.1.0) +41773 more potentially affected by CVE-2025-66031 via node-forge (>=0.10.0 <=1.3.1)

node-forge NPM version =0.10.0, =1.0.1, =1.1.0 - 00ld8nuivn =2.1.0 - 00rqiw31nd =2.1.0 - 01dk01majk =2.1.0 - 02rjq8i863 =1.1.0 - 02vx8qsp01 =2.1.0 - 05y6tjgmws =1.1.0 - 066m7q8o0z =2.1.0 - 06buj9h3su =2.1.0 - 06dre15t8r =2.1.0 - 0726react =0.1.1 - 07fgapmu9l =1.1.0 - 07t2xvu6t4 =2.1.0 - 0850u4lkp...

node-forge has ASN.1 Unbounded Recursion

Summary An Uncontrolled Recursion CWE-674 vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service DoS via stack exhaustion when parsing untrusted DER...

GHSA-554W-WPV2-VW27 node-forge has ASN.1 Unbounded Recursion

Summary An Uncontrolled Recursion CWE-674 vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service DoS via stack exhaustion when parsing untrusted DER...

-fides-amor-et-lux (=1.0.0), -tompan-reacttemplate (>=1.0.1 <=1.1.0) +41773 more potentially affected by CVE-2025-66030 via node-forge (>=0.10.0 <=1.3.1)

node-forge NPM version =0.10.0, =1.0.1, =1.1.0 - 00ld8nuivn =2.1.0 - 00rqiw31nd =2.1.0 - 01dk01majk =2.1.0 - 02rjq8i863 =1.1.0 - 02vx8qsp01 =2.1.0 - 05y6tjgmws =1.1.0 - 066m7q8o0z =2.1.0 - 06buj9h3su =2.1.0 - 06dre15t8r =2.1.0 - 0726react =0.1.1 - 07fgapmu9l =1.1.0 - 07t2xvu6t4 =2.1.0 - 0850u4lkp...

GHSA-65CH-62R8-G69G node-forge is vulnerable to ASN.1 OID Integer Truncation

Summary MITRE-Formatted CVE Description An Integer Overflow CWE-190 vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwis...

node-forge is vulnerable to ASN.1 OID Integer Truncation

Summary MITRE-Formatted CVE Description An Integer Overflow CWE-190 vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwis...

GHSA-5GFM-WPXJ-WJGQ node-forge has an Interpretation Conflict vulnerability via its ASN.1 Validator Desynchronization

Summary CVE-2025-12816 has been reserved by CERT/CC Description An Interpretation Conflict CWE-436 vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures to desynchronize schema validations, yielding a semantic divergence that may...

-fides-amor-et-lux (=1.0.0), -tompan-reacttemplate (>=1.0.1 <=1.1.0) +41773 more potentially affected by CVE-2025-12816 via node-forge (>=0.10.0 <=1.3.1)

node-forge NPM version =0.10.0, =1.0.1, =1.1.0 - 00ld8nuivn =2.1.0 - 00rqiw31nd =2.1.0 - 01dk01majk =2.1.0 - 02rjq8i863 =1.1.0 - 02vx8qsp01 =2.1.0 - 05y6tjgmws =1.1.0 - 066m7q8o0z =2.1.0 - 06buj9h3su =2.1.0 - 06dre15t8r =2.1.0 - 0726react =0.1.1 - 07fgapmu9l =1.1.0 - 07t2xvu6t4 =2.1.0 - 0850u4lkp...

node-forge has an Interpretation Conflict vulnerability via its ASN.1 Validator Desynchronization

Summary CVE-2025-12816 has been reserved by CERT/CC Description An Interpretation Conflict CWE-436 vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures to desynchronize schema validations, yielding a semantic divergence that may...

node-forge 安全漏洞

node-forge is a software application. A WebJar for node-forge. A security vulnerability exists in node-forge 1.3.1 and earlier versions, which stems from uncontrolled recursion and could lead to a denial of service triggered by a remote, unauthenticated attacker via a deep ASN.1 structure...

PT-2025-48202

Name of the Vulnerable Software and Affected Versions node-forge versions 1.3.1 and below Description An uncontrolled recursion issue exists in node-forge, a native implementation of Transport Layer Security in JavaScript. The issue allows remote, unauthenticated attackers to create complex ASN.1...

PT-2025-48201

Name of the Vulnerable Software and Affected Versions node-forge versions 1.3.1 and below Description An Integer Overflow issue exists in node-forge, a native implementation of Transport Layer Security in JavaScript. The flaw resides in the parsing of ASN.1 structures containing OIDs with oversiz...

node-forge 输入验证错误漏洞

node-forge is a software application. A WebJar for node-forge. An input validation error vulnerability exists in node-forge 1.3.1 and prior versions, which stems from an integer overflow that could allow a remote, unauthenticated attacker to bypass OID-based security decisions...

DEBIAN-CVE-2025-12816

An interpretation-conflict CWE-436 vulnerability in node-forge versions 1.3.1 and earlier enables unauthenticated attackers to craft ASN.1 structures to desynchronize schema validations, yielding a semantic divergence that may bypass downstream cryptographic verifications and security decisions...

CVE-2025-12816

An interpretation-conflict CWE-436 vulnerability in node-forge versions 1.3.1 and earlier enables unauthenticated attackers to craft ASN.1 structures to desynchronize schema validations, yielding a semantic divergence that may bypass downstream cryptographic verifications and security decisions...