PT-2025-15291 · Unknown · Ts-Asn1-Der
Published 2025-04-07 · Updated 2025-04-08
CVE-2025-32029
CVSS v4.0: 6.9 (Medium)
Vector: AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
ts-asn1-der versions prior to 1.0.4
Description
The issue is related to incorrect number DER encoding, which can lead to denial of service for absolute values in the range 2^31 to 2^32 - 1. The arithmetic in numBitLen does not take into account that values in this range can produce a negative result when the >> operator is applied, which leads to an infinite loop.
Recommendations
For versions prior to 1.0.4, update to version 1.0.4 to resolve the issue.
As a temporary workaround, consider validating inputs to Asn1Integer to ensure that they are not smaller than -2^31 + 1 and no larger than 2^31 - 1.
Exploit
Fix
DoS
Infinite Loop
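The TypeScript below is an added example, not code from ts-asn1-der or from this advisory. It shows why a bit-length loop built on `>>` never terminates for the range named in the Description, and how the input-range workaround from the Recommendations can be enforced. All function and constant names are hypothetical, and the loop shape is an assumption based on the Description.

```typescript
// Added illustration; all names here are hypothetical, not ts-asn1-der's API.
const WORKAROUND_MIN: number = -2147483647; // -2^31 + 1, bound from the advisory
const WORKAROUND_MAX: number = 2147483647;  //  2^31 - 1, bound from the advisory

// Workaround from the advisory: accept only integers inside the stated range.
function isWithinWorkaroundRange(n: number): boolean {
  return Number.isInteger(n) && n >= WORKAROUND_MIN && n <= WORKAROUND_MAX;
}

// Bit-length loop of the kind the advisory describes (assumed shape).
// `>>` first converts its operand to a signed 32-bit integer, so inputs in
// 2^31 .. 2^32 - 1 turn negative and then settle at -1, never reaching 0.
// maxSteps caps the loop so this demonstration terminates; null = cap hit.
function bitLenSignedShift(abs: number, maxSteps: number = 64): number | null {
  let bits = 0;
  let v = abs;
  while (v !== 0) {
    if (bits >= maxSteps) return null;
    v = v >> 1;
    bits++;
  }
  return bits;
}

// Shift-free alternative (not necessarily the fix shipped in 1.0.4):
// plain division stays exact for every non-negative safe integer.
function bitLenByDivision(abs: number): number {
  if (!Number.isSafeInteger(abs) || abs < 0) {
    throw new RangeError("expected a non-negative safe integer");
  }
  let bits = 0;
  for (let v = abs; v >= 1; v = Math.floor(v / 2)) bits++;
  return bits;
}

// Guard to call before handing a value to the encoder on unpatched versions.
function requireWorkaroundRange(n: number): number {
  if (!isWithinWorkaroundRange(n)) {
    throw new RangeError(`integer ${n} is outside the range allowed by the workaround`);
  }
  return n;
}
```

Where integers reach the encoder from untrusted input, apply the guard at the trust boundary rather than at each call site.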
Related Identifiers
Affected Products
Ts-Asn1-Der