Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
ts-asn1-der has Incorrect DER Encoding of Numbers Leading to Denial of Service and Incorrect Value Representation
Vulnerability Description
ts-asn1-der is a collection of utility classes to encode ASN.1 data following DER rule. Incorrect number DER encoding can lead to denial on service for absolute values in the range 2**31 -- 2**32 - 1. The arithmetic in the numBitLen didn't take into account that values in this range could result in a negative result upon applying the >> operator, leading to an infinite loop. The issue is patched in version 1.0.4. If upgrading is not an option, the issue can be mitigated by validating inputs to Asn1Integer to ensure that they are not smaller than -2**31 + 1 and no larger than 2**31 - 1.
CVSS Information
N/A
Vulnerability Type
不可达退出条件的循环(无限循环)
Vulnerability Title
ts-asn1-der 安全漏洞
Vulnerability Description
ts-asn1-der是Apeleg开源的一组实用程序类,用于按照 DER 规则对 ASN.1 数据进行编码。 ts-asn1-der 1.0.4之前版本存在安全漏洞,该漏洞源于数字DER编码错误,可能导致无限循环。
CVSS Information
N/A
Vulnerability Type
N/A