Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-p4qw-7j9g-5h53: ts-asn1-der has Incorrect DER Encoding of Numbers Leading to Denial of Service and Incorrect Value Representation

Impact

Incorrect number DER encoding can lead to denial on service for absolute values in the range 2**312**32 - 1. The arithmetic in the numBitLen didn’t take into account that values in this range could result in a negative result upon applying the >> operator, leading to an infinite loop.

In addition, number encoding had a few other issues that resulted it in it not encoding values correctly.

Patches

The issue is patched in version 1.0.4. Users are recommended to upgrade as soon as possible.

Workarounds

If upgrading is not an option, the issue can be mitigated by validating inputs to Asn1Integer to ensure that they are not smaller than -2**31 + 1 and no larger than 2**31 - 1. Although Asn1Integer supports bigint inputs, some additional implementation issues make using bigint as a mitigation inviable, as it will result in incorrect values.

If upgrading is not an option and range checks are impractical or undesirable, input to Asn1Integer can be provided as a buffer to be used directly. Note that this requires computing the correct DER encoding externally.

References

N/A

ghsa
Open in Source
#dos

Impact

Incorrect number DER encoding can lead to denial on service for absolute values in the range 231 – 232 - 1. The arithmetic in the numBitLen didn’t take into account that values in this range could result in a negative result upon applying the >> operator, leading to an infinite loop.

In addition, number encoding had a few other issues that resulted it in it not encoding values correctly.

Patches

The issue is patched in version 1.0.4. Users are recommended to upgrade as soon as possible.

Workarounds

If upgrading is not an option, the issue can be mitigated by validating inputs to Asn1Integer to ensure that they are not smaller than -231 + 1 and no larger than 231 - 1. Although Asn1Integer supports bigint inputs, some additional implementation issues make using bigint as a mitigation inviable, as it will result in incorrect values.

If upgrading is not an option and range checks are impractical or undesirable, input to Asn1Integer can be provided as a buffer to be used directly. Note that this requires computing the correct DER encoding externally.

References

N/A

References

  • GHSA-p4qw-7j9g-5h53
  • ApelegHQ/ts-asn1-der@b2bc903

ghsa: Latest News

GHSA-r683-v43c-6xqv: samlify SAML Signature Wrapping attack
ghsa