Описание
Forge (also called node-forge) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.
An ASN.1 Denial of Service (Dos) vulnerability exists in the node-forge asn1.fromDer function within forge/lib/asn1.js. The ASN.1 DER parser implementation (_fromDer) recurses for every constructed ASN.1 value (SEQUENCE, SET, etc.) and lacks a guard limiting recursion depth. An attacker can craft a small DER blob containing a very large nesting depth of constructed TLVs which causes the Node.js V8 engine to exhaust its call stack and throw RangeError: Maximum call stack size exceeded, crashing or incapacitating the process handling the parse. This is a remote, low-cost Denial-of-Service against applications that parse untrusted ASN.1 objects.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Cryostat 4 | io.cryostat-cryostat | Not affected | ||
| Gatekeeper 3 | gatekeeper/gatekeeper-rhel9 | Not affected | ||
| Logging Subsystem for Red Hat OpenShift | openshift-logging/elasticsearch6-rhel9 | Will not fix | ||
| Logging Subsystem for Red Hat OpenShift | openshift-logging/elasticsearch-operator-bundle | Will not fix | ||
| Logging Subsystem for Red Hat OpenShift | openshift-logging/elasticsearch-proxy-rhel9 | Will not fix | ||
| Logging Subsystem for Red Hat OpenShift | openshift-logging/elasticsearch-rhel9-operator | Will not fix | ||
| Logging Subsystem for Red Hat OpenShift | openshift-logging/kibana6-rhel8 | Will not fix | ||
| Logging Subsystem for Red Hat OpenShift | openshift-logging/logging-curator5-rhel9 | Will not fix | ||
| Logging Subsystem for Red Hat OpenShift | openshift-logging/logging-view-plugin-rhel9 | Will not fix | ||
| Migration Toolkit for Containers | rhmtc/openshift-migration-ui-rhel8 | Affected |
Показывать по
Дополнительная информация
Статус:
EPSS
5.3 Medium
CVSS3
Связанные уязвимости
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.
Forge (also called `node-forge`) is a native implementation of Transpo ...
EPSS
5.3 Medium
CVSS3