VYPR
Moderate severity · NVD Advisory · Published Nov 26, 2025 · Updated Nov 28, 2025

node-forge ASN.1 OID Integer Truncation

CVE-2025-66030

Description

Forge (also called node-forge) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the bypass of downstream OID-based security decisions. This issue has been patched in version 1.3.2.
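To make the truncation concrete, here is an added example (not node-forge's own code) with a minimal OID arc decoder that switches between the pre-1.3.2 `<<` shift and the 1.3.2 multiply-and-guard logic, and shows that a constructed DER encoding with an oversized arc decodes to the trusted-looking `1.2.840.113549` only under the old logic. The names `decodeArcs`, `derToOid` and `truncationCollision` are chosen here.

```javascript
// Added example (not node-forge's code): a minimal decoder for the base-128
// arcs that follow the first byte of an OID's DER content octets. With
// `safe === false` it mirrors the pre-1.3.2 shift; with `safe === true` it
// mirrors the 1.3.2 multiply-and-guard logic.
function decodeArcs(bytes, safe) {
  const arcs = [];
  let value = 0;
  for (const b of bytes) {
    if (safe) {
      // Fixed: refuse any arc that could exceed 2**53 - 1 after this byte,
      // and multiply instead of shifting so nothing wraps at 32 bits.
      if (value > 0x3fffffffffff) {
        throw new Error('OID value too large; max is 53-bits.');
      }
      value = value * 128;
    } else {
      // Vulnerable: `<<` coerces to a 32-bit signed integer, silently
      // discarding every bit above bit 31.
      value = value << 7;
    }
    if (b & 0x80) {
      value += b & 0x7f;    // continuation byte: more payload bits follow
    } else {
      arcs.push(value + b); // final byte of this arc
      value = 0;
    }
  }
  return arcs;
}

// Decodes a hex string of OID content octets to dotted form. The first byte
// packs the first two arcs as 40 * X + Y.
function derToOid(hex, safe) {
  const bytes = Buffer.from(hex, 'hex');
  const first = bytes[0];
  const head = first < 80 ? [Math.floor(first / 40), first % 40] : [2, first - 80];
  return head.concat(decodeArcs(bytes.subarray(1), safe)).join('.');
}

// Defender's check: an encoding whose decoding differs between the two modes
// is one a 1.3.1 decoder would misidentify.
function truncationCollision(hex) {
  return derToOid(hex, false) !== derToOid(hex, true);
}

// Constructed input: 1.2.840.(113549 + 2**32), encoded as 2a 86 48 90 80 86 f7 0d.
// Old logic yields '1.2.840.113549'; fixed logic yields '1.2.840.4295080845'.
const CRAFTED = '2a8648908086f70d';
console.log(derToOid(CRAFTED, false), derToOid(CRAFTED, true), truncationCollision(CRAFTED));
```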

Affected packages

Versions sourced from the GitHub Security Advisory.

Package           Affected versions   Patched versions
node-forge (npm)  < 1.3.2             1.3.2


Patches

3e0c35ace169

Fix "ASN.1 OID Integer Truncation" advisory.

https://github.com/digitalbazaar/forge · David I. Lehn · Nov 25, 2025 · via ghsa
3 files changed · +66 -1
  • CHANGELOG.md  +17 -0  modified
    @@ -1,6 +1,23 @@
     Forge ChangeLog
     ===============
     
    +## 1.3.2 - 2025-11-xx
    +
    +### Security
    +- **MODERATE**: ASN.1 OID Integer Truncation
    +  - An Integer Overflow (CWE-190) vulnerability in node-forge versions 1.3.1
    +    and below enables remote, unauthenticated attackers to craft ASN.1
    +    structures containing OIDs with oversized arcs. These arcs may be decoded
    +    as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the
    +    bypass of downstream OID-based security decisions.
    +  - Reported by Hunter Wodzenski.
    +  - GHSA ID: [GHSA-65ch-62r8-g69g](https://github.com/digitalbazaar/forge/security/advisories/GHSA-65ch-62r8-g69g)
    +
    +### Fixed
    +- [asn1] Improve OID handling.
    +  - Error on parsed OID values larger than `2**32 - 1`.
    +  - Error on DER OID values larger than `2**53 - 1 `.
    +
     ## 1.3.1 - 2022-03-29
     
     ### Fixes
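Review bot: the release header `## 1.3.2 - 2025-11-xx` still carries a placeholder day, and the entry `` `2**53 - 1 ` `` has a trailing space inside the backticks; fill in the release date and drop the space before tagging. The Fixed entry could also say that `derToOid` now multiplies instead of shifting, since that is the change that removes the 32-bit truncation rather than only the new limits.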
    
  • lib/asn1.js  +10 -1  modified
    @@ -773,6 +773,10 @@ asn1.oidToDer = function(oid) {
         last = true;
         valueBytes = [];
         value = parseInt(values[i], 10);
    +    // TODO: Change bitwise logic to allow larger values.
    +    if(value > 0xffffffff) {
    +      throw new Error('OID value too large; max is 32-bits.');
    +    }
         do {
           b = value & 0x7F;
           value = value >>> 7;
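Review bot: the new guard in `oidToDer` does not reject malformed arcs: `parseInt(values[i], 10)` yields `NaN` for a non-numeric component and a negative number for an arc like `-1`, and neither is caught by `value > 0xffffffff` (`NaN > x` is always false), so the `do` loop still emits bytes for them. Consider `if(isNaN(value) || value < 0 || value > 0xffffffff)` and turning the TODO into a tracked issue, since the encoder's 32-bit limit is now asymmetric with the decoder's 53-bit limit.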
    @@ -818,8 +822,13 @@ asn1.derToOid = function(bytes) {
       // the last byte for each value
       var value = 0;
       while(bytes.length() > 0) {
    +    // error if 7b shift would exceed Number.MAX_SAFE_INTEGER
    +    // (Number.MAX_SAFE_INTEGER / 128)
    +    if(value > 0x3fffffffffff) {
    +      throw new Error('OID value too large; max is 53-bits.');
    +    }
         b = bytes.getByte();
    -    value = value << 7;
    +    value = value * 128;
         // not the last byte for the value
         if(b & 0x80) {
           value += b & 0x7F;
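Review bot: the guard and arithmetic are consistent: `0x3fffffffffff` is `2**46 - 1`, so after `value * 128` plus a 7-bit remainder the arc stays at or below `Number.MAX_SAFE_INTEGER`, and replacing `value << 7` (which coerces to a 32-bit signed integer) with multiplication is the actual fix for the truncation. Two small points: derive the constant, e.g. `var MAX_ARC_BEFORE_SHIFT = Math.floor(Number.MAX_SAFE_INTEGER / 128);`, so the comment and the literal cannot drift apart, and spell the comment's `7b shift` out as `7-bit shift`.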
    
  • tests/unit/asn1.js  +39 -0  modified
    @@ -10,11 +10,50 @@ var UTIL = require('../../lib/util');
           ASSERT.equal(ASN1.oidToDer('1.2.840.113549').toHex(), '2a864886f70d');
         });
     
    +    it('should convert a 32b OID to DER', function() {
    +      ASSERT.equal(ASN1.oidToDer('1.2.4294967295').toHex(), '2a8fffffff7f');
    +    });
    +
    +    it('should not convert a >32b OID to DER', function() {
    +      ASSERT.throws(
    +        function() {
    +          ASN1.oidToDer('1.2.4294967296');
    +        },
    +        /OID value too large; max is 32-bits./
    +      );
    +    });
    +
         it('should convert an OID from DER', function() {
           var der = UTIL.hexToBytes('2a864886f70d');
           ASSERT.equal(ASN1.derToOid(der), '1.2.840.113549');
         });
     
    +    it('should convert a 32b OID from DER', function() {
    +      var der = UTIL.hexToBytes('2a8fffffff7f');
    +      ASSERT.equal(ASN1.derToOid(der), '1.2.4294967295');
    +    });
    +
    +    it('should convert a >32b OID from DER', function() {
    +      var der = UTIL.hexToBytes('2a9080808001');
    +      ASSERT.equal(ASN1.derToOid(der), '1.2.4294967297');
    +    });
    +
    +    it('should convert a max safe int OID from DER', function() {
    +      var der = UTIL.hexToBytes('2a8fffffffffffff7f');
    +      ASSERT.equal(ASN1.derToOid(der), '1.2.9007199254740991');
    +    });
    +
    +    it('should not convert a >max safe int OID from DER', function() {
    +      ASSERT.throws(
    +        function() {
    +          // '1.2.9007199254740992'
    +          var der = UTIL.hexToBytes('2a9080808080808000');
    +          console.log(ASN1.derToOid(der));
    +        },
    +        /OID value too large; max is 53-bits./
    +      );
    +    });
    +
         it('should convert INTEGER 0 to DER', function() {
           ASSERT.equal(ASN1.integerToDer(0).toHex(), '00');
         });
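Review bot: the `should not convert a >max safe int OID from DER` case leaves a `console.log(ASN1.derToOid(der));` inside the `ASSERT.throws` callback; a bare `ASN1.derToOid(der);` is enough and keeps test output clean if the guard ever regresses. The new vectors line up with the limits (`2a8fffffff7f` is `2**32 - 1`, `2a8fffffffffffff7f` is `2**53 - 1`, `2a9080808080808000` is `2**53`); a companion `oidToDer` case for a non-numeric arc would also cover the encoder guard's `parseInt` path.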
    

