The vulnerability exists in the `asn1.fromDer` function within `forge/lib/asn1.js`. The DER parser implementation uses a recursive function, `_fromDer`, to process ASN.1 constructed types like SEQUENCE and SET. The function lacks a recursion depth guard. An attacker can craft a malicious DER-encoded object with an extremely deep nesting of these constructed types. When this object is parsed, the `_fromDer` function is called recursively for each nested level. This uncontrolled recursion exhausts the Node.js/V8 JavaScript call stack, triggering a `RangeError: Maximum call stack size exceeded` exception. This crashes the process, resulting in a Denial-of-Service.
Platform: Node.js
Version: <=1.3.1
Vulnerability: Stack Exhaustion
Severity: High
Date: 2022-03-22
Prediction: 2022-03-29
What Undercode Say:
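```bash
# Check production dependencies for known-vulnerable packages
npm audit --production
```

```javascript
const forge = require('node-forge');
// Placeholder only: a crafted, deeply nested DER encoding would be supplied here
const maliciousDer = forge.util.createBuffer().getBytes();
// With such an input, the recursive parser throws
// RangeError: Maximum call stack size exceeded
forge.asn1.fromDer(maliciousDer);
```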
How to Exploit:
Craft deep DER.
Send to service.
Crash process.
Protection from this CVE:
Update node-forge.
Input validation.
Limit recursion.
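
The "input validation" and "limit recursion" items can be combined into a pre-parse check that measures DER nesting without recursing. This is an added example, not node-forge's code or its fix; the names `readHeader`, `derNestingDepth` and `MAX_DEPTH`, and the limit of 32, are assumptions.

```javascript
// Added example, not node-forge code. MAX_DEPTH is an assumed policy value.
const MAX_DEPTH = 32;

// Parse one tag-length header inside [pos, limit); throws on malformed input.
function readHeader(buf, pos, limit) {
  if (pos + 2 > limit) throw new Error('truncated TLV header');
  const tag = buf[pos++];
  if ((tag & 0x1f) === 0x1f) { // high-tag-number form: skip continuation bytes
    do {
      if (pos >= limit) throw new Error('truncated tag');
    } while (buf[pos++] & 0x80);
  }
  if (pos >= limit) throw new Error('truncated length');
  let len = buf[pos++];
  if (len === 0x80) throw new Error('indefinite length is not valid DER');
  if (len & 0x80) { // long form: low 7 bits give the number of length bytes
    const n = len & 0x7f;
    if (n > 4 || pos + n > limit) throw new Error('unsupported or truncated length');
    len = 0;
    for (let i = 0; i < n; i++) len = len * 256 + buf[pos++];
  }
  if (pos + len > limit) throw new Error('value overruns its container');
  return { constructed: (tag & 0x20) !== 0, start: pos, end: pos + len };
}

// Walk the TLV tree with an explicit stack (no recursion) and return the
// deepest level of constructed nesting; throw once it exceeds maxDepth.
function derNestingDepth(buf, maxDepth = MAX_DEPTH) {
  const stack = [{ pos: 0, end: buf.length }]; // root frame spans the whole input
  let deepest = 0;
  while (stack.length > 0) {
    const frame = stack[stack.length - 1];
    if (frame.pos >= frame.end) { stack.pop(); continue; }
    const h = readHeader(buf, frame.pos, frame.end);
    frame.pos = h.end; // resume after this element once its children are done
    if (h.constructed) {
      const depth = stack.length; // 1 for a top-level SEQUENCE/SET
      if (depth > maxDepth) throw new RangeError(`DER nesting deeper than ${maxDepth}`);
      deepest = Math.max(deepest, depth);
      stack.push({ pos: h.start, end: h.end });
    }
  }
  return deepest;
}

// Constructed sample: SEQUENCE { SEQUENCE { SEQUENCE { NULL } } }
const SAMPLE = Uint8Array.from([0x30, 0x06, 0x30, 0x04, 0x30, 0x02, 0x05, 0x00]);
console.log(derNestingDepth(SAMPLE));
```

To use it in front of `forge.asn1.fromDer`, convert forge's binary string with `Buffer.from(bytes, 'binary')` and reject the input if the function throws. It counts only nesting of constructed encodings, so it complements updating node-forge rather than replacing it.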
Impact:
Denial-of-Service.
Service crash.
Availability loss.
Sources:
Reported By: github.com

