CVE Tools
Sign in

CVE-2025-0343

Published: Jan 15, 2025Updated: Mar 24, 2025 Sources: CVE List NVD GHSACWE-228
NVD MITRE
7.5CVSSHIGH
EPSS Score
0.3%
Top 76.6%
CISA KEV
Not in KEV
Exploits
No Known Exploits
Remediation
Patch Available

Description

Swift ASN.1 can be caused to crash when parsing certain BER/DER constructions. This crash is caused by a confusion in the ASN.1 library itself which assumes that certain objects can only be provided in either constructed or primitive forms, and will trigger a preconditionFailure if that constraint isn't met. Importantly, these constraints are actually required to be true in DER, but that correctness wasn't enforced on the early node parser side so it was incorrect to rely on it later on in decoding, which is what the library did. These crashes can be triggered when parsing any DER/BER format object. There is no memory-safety issue here: the crash is a graceful one from the Swift runtime. The impact of this is that it can be used as a denial-of-service vector when parsing BER/DER data from unknown sources, e.g. when parsing TLS certificates.

CVSS Vector Breakdown

AV:NAC:LPR:NUI:NS:UC:NI:NA:H
Exploitability
AV:NAttack Vector
Network
AC:LAttack Complexity
Low
PR:NPrivileges Required
None
UI:NUser Interaction
None
Scope
S:UScope
Unchanged
Impact
C:NConfidentiality
None
I:NIntegrity
None
A:HAvailability
High
Open in CVSS calculator →

Weaknesses

CWE-228

Affected Products

Swift ASN1Swift Project
Library
OSS Libraries
github.com/apple/swift-asn1SwiftURL
Library
OSS Libraries / generic-library
swift projectoss-projectOSS Librariesaka swift project
swifturlOSS Librariesaka swift-nio-http2, github.com/vapor/vapor, github.com/pytorch/executorch, swift-nio-http2, github.com/apple/swift-nio-http2

Exploitability

Official Patch Available

References

https://github.com/apple/swift-asn1/security/advisories/GHSA-w8xv-rwgf-4fwh
github.com
https://nvd.nist.gov/vuln/detail/CVE-2025-0343
nvd.nist.gov
https://github.com/apple/swift-asn1/commit/ae33e5941bb88d88538d0a6b19ca0b01e6c76dcf
github.com
and 1 more references View all →

Timeline

Published
Jan 15, 2025
Last Updated
Mar 24, 2025

Unlock Complete Vulnerability Intelligence

Get the full picture for CVE-2025-0343 and every CVE in our database. Create a free account — no credit card required.

Create Free Account
Plain-language analysis
Impact assessment and exploitation scenario in plain English
Attack graph visualization
Interactive attack path and kill chain mapping
Exploit details & PoC links
ExploitDB, Metasploit, GitHub PoCs with direct links
Nuclei scanner templates
Ready-to-use vulnerability scanner templates
Full remediation guide
Patch instructions, workarounds, and compliance impact
Interactive AI chat
Ask questions about this vulnerability in natural language
Related vulnerabilities
Semantically similar CVEs and attack patterns
REST API & MCP access
Integrate vulnerability data into your workflows