Bug 2417384 (CVE-2025-66030)

Summary:	CVE-2025-66030 node-forge: node-forge: Integer Overflow allows OID-based security bypass
Product:	[Other] Security Response	Reporter:	OSIDB Bzimport <bzimport>
Component:	vulnerability	Assignee:	Product Security DevOps Team <prodsec-dev>
Status:	NEW ---	QA Contact:
Severity:	medium	Docs Contact:
Priority:	medium
Version:	unspecified	CC:	aazores, abarbaro, abrianik, adudiak, alcohan, alizardo, amctagga, anjoseph, anpicker, anthomas, aoconnor, bbrownin, bdettelb, bniver, bparees, brasmith, carogers, caswilli, cmah, cochase, dbosanac, dhanak, doconnor, dranck, drosa, dymurray, eaguilar, ebaron, ehelms, erezende, eric.wittmann, flucifre, ggainey, ggrzybek, gmalinko, gmeno, gparvin, groman, haoli, hasun, hkataria, ibek, ibolton, jajackso, janstey, jbalunas, jcammara, jcantril, jchui, jfula, jhe, jkoehler, jmatthew, jmitchel, jmontleo, jneedle, jolong, jowilson, jprabhak, jreimann, jrokos, juwatts, jwong, kaycoth, kegrant, koliveir, kshier, ktsao, kverlaen, lchilton, lphiri, mabashia, manissin, mbenjamin, mdessi, mhackett, mhulan, mnovotny, mrizzi, mwringe, nboldt, nipatil, nmoumoul, nyancey, omaciel, ometelka, osousa, owatkins, pahickey, pantinor, parichar, pbizzarr, pbraun, pcattana, pcreech, pdelbell, pgaikwad, pjindal, psrna, ptisnovs, rchan, rhaigner, rjohnson, rkubis, rojacob, rstepani, sausingh, sdawley, sfeifer, shvarugh, simaishi, slucidi, smallamp, smcdonal, sostapov, sseago, stcannon, syedriko, tasato, teagle, tfister, thavo, tmalecek, ttakamiy, vereddy, wtam, xdharmai, yguenane
Target Milestone:	---	Keywords:	Security
Target Release:	---
Hardware:	All
OS:	Linux
Whiteboard:
Fixed In Version:		Doc Type:	---
Doc Text:	A flaw was found in node-forge. This vulnerability allows bypass of downstream Object Identifier (OID)-based security decisions via crafting Abstract Syntax Notation One (ASN.1) structures containing Object Identifiers (OIDs) with oversized arcs, which are then decoded as smaller, trusted OIDs due to 32-bit bitwise truncation.	Story Points:	---
Clone Of:		Environment:
Last Closed:		Type:	---
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:

Description OSIDB Bzimport 2025-11-26 23:01:13 UTC

Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the bypass of downstream OID-based security decisions. This issue has been patched in version 1.3.2.