Apeleg ts-asn1-der Incorrect DER Encoding Leading to Denial-of-Service Vulnerability

A denial-of-service vulnerability has been identified in the Apeleg ts-asn1-der package, specifically in versions prior to 1.0.4. The issue arises from incorrect encoding of numbers in accordance with DER rules, particularly for values in the range of 2^31 to 2^32 - 1. This miscalculation causes the encoding function to enter an infinite loop, effectively disrupting service. Additionally, the flawed encoding logic misrepresents certain numeric values, further exacerbating the issue.

Impact

Exploitation of this vulnerability causes a denial-of-service condition by creating an infinite loop in the encoding process, specifically for certain numeric values that are incorrectly processed.

Reproduction

The vulnerability can be reproduced by encoding a number that falls within the problematic range of 2^31 to 2^32 - 1 using the Asn1Integer class in the ts-asn1-der package. The encoding function will enter an infinite loop, causing a denial-of-service condition.

Remediation

Users are advised to upgrade to version 1.0.4 or later. If an upgrade is not possible, validate inputs to the Asn1Integer class to ensure they are within the safe range. Alternatively, input can be provided as a buffer with the correct DER encoding.