Skip to content

Commit 6f70043

Browse files
davidlehndavidlehn
committed
Update CVE details.
1 parent f547b0d commit 6f70043

File tree

1 file changed

+3
-1
lines changed

1 file changed

+3
-1
lines changed

CHANGELOG.md

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -11,7 +11,7 @@ Forge ChangeLog
1111
divergence that may bypass downstream cryptographic verifications and
1212
security decisions.
1313
- Reported by Hunter Wodzenski.
14-
- CVE ID: [CVE-2025-12816](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12816)
14+
- CVE ID: [CVE-2025-12816](https://www.cve.org/CVERecord?id=CVE-2025-12816)
1515
- GHSA ID: [GHSA-5gfm-wpxj-wjgq](https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq)
1616
- **HIGH**: ASN.1 Unbounded Recursion
1717
- An Uncontrolled Recursion (CWE-674) vulnerability in node-forge versions
@@ -20,6 +20,7 @@ Forge ChangeLog
2020
Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER
2121
inputs.
2222
- Reported by Hunter Wodzenski.
23+
- CVE ID: [CVE-2025-66031](https://www.cve.org/CVERecord?id=CVE-2025-66031)
2324
- GHSA ID: [GHSA-554w-wpv2-vw27](https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27)
2425
- **MODERATE**: ASN.1 OID Integer Truncation
2526
- An Integer Overflow (CWE-190) vulnerability in node-forge versions 1.3.1
@@ -28,6 +29,7 @@ Forge ChangeLog
2829
as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the
2930
bypass of downstream OID-based security decisions.
3031
- Reported by Hunter Wodzenski.
32+
- CVE ID: [CVE-2025-66030](https://www.cve.org/CVERecord?id=CVE-2025-66030)
3133
- GHSA ID: [GHSA-65ch-62r8-g69g](https://github.com/digitalbazaar/forge/security/advisories/GHSA-65ch-62r8-g69g)
3234

3335
### Fixed

0 commit comments

Comments
 (0)