You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
asn1 parsing
About this tag
ASN.1 parsing is a critical function in cryptographic and smart card libraries, where subtle bugs can lead to serious security vulnerabilities. On WindowsForum.com, discussions cover real-world CVEs such as CVE-2023-2977 in OpenSC, which causes a heap out-of-bounds read in the pkcs15-cardos codepath, and CVE-2025-66031 in node-forge, which enables unbounded recursion leading to denial of service. These threads explore the technical details of the parsing flaws, their impact on authentication and code-signing workflows, and the importance of applying patches across downstream consumers. The tag asn1 parsing is used to track these security-focused conversations about DER input handling and library fixes.
OpenSC contains a subtle ASN.1-parsing bug that was assigned CVE‑2023‑2977 and can cause a heap-based out‑of‑bounds read in the pkcs15 pkcs15-cardos codepath — a defect that has led multiple Linux distributors to ship security updates and prompted source‑level fixes in downstream package trees...
A newly disclosed high‑severity vulnerability in the popular JavaScript cryptography library node‑forge (tracked as CVE‑2025‑66031) enables unbounded ASN.1 recursion that can be trivially abused to crash Node.js processes parsing untrusted DER inputs — and the fix landed quickly in node‑forge...