Описание
An interpretation-conflict (CWE-436) vulnerability in node-forge versions 1.3.1 and earlier enables unauthenticated attackers to craft ASN.1 structures to desynchronize schema validations, yielding a semantic divergence that may bypass downstream cryptographic verifications and security decisions.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-apps/focal | needs-triage | |
| esm-apps/jammy | needs-triage | |
| jammy | needs-triage | |
| noble | DNE | |
| plucky | DNE | |
| questing | DNE | |
| upstream | needs-triage |
Показывать по
Ссылки на источники
EPSS
8.6 High
CVSS3
Связанные уязвимости
An interpretation-conflict (CWE-436) vulnerability in node-forge versions 1.3.1 and earlier enables unauthenticated attackers to craft ASN.1 structures to desynchronize schema validations, yielding a semantic divergence that may bypass downstream cryptographic verifications and security decisions.
An interpretation-conflict (CWE-436) vulnerability in node-forge versi ...
node-forge has an Interpretation Conflict vulnerability via its ASN.1 Validator Desynchronization
Уязвимость функции asn1.validate() сценария forge/lib/asn1.js набора криптографических утилит и инструментов для разработки веб-приложений Forge, позволяющая нарушителю обойти ограничения безопасности
EPSS
8.6 High
CVSS3