CVE-2026-27452
Received Received - Intake
Integer Decoding Memory Leak in ASN.1 TypeScript ESM Library

Publication date: 2026-02-21

Last updated on: 2026-03-03

Assigner: GitHub, Inc.

Description
ASN.1 TypeScript ESM library, including codecs for Basic Encoding Rules (BER) and Distinguished Encoding Rules (DER). In versions 11.0.5 and below, in some cases, decoding an INTEGER could leak the underlying ArrayBuffer. This issue is expected to be fixed in version 11.0.6.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-21
Last Modified
2026-03-03
Generated
2026-05-07
AI Q&A
2026-02-21
EPSS Evaluated
2026-05-05
NVD
CVE-2026-27452
EUVD
EUVD-2026-7726
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
jonathanwilbur asn1-ts to 11.0.6 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-200 The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
Attack-Flow Graph
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, you should upgrade the @wildboar/asn1 (asn1-ts) package to version 11.0.6 or later, where the issue has been fixed.

There are no known workarounds available for this vulnerability.


Can you explain this vulnerability to me?

CVE-2026-27452 is a critical vulnerability in the JavaScript package @wildboar/asn1 (asn1-ts) versions up to and including 11.0.5.

The issue occurs when decoding an INTEGER type, which can lead to leaking the underlying ArrayBuffer.

This vulnerability is classified as an out-of-bounds read (CWE-125), meaning the software reads data beyond the intended buffer boundaries.

The flaw was discovered by JonathanWilbur and fixed in version 11.0.6 of the package.


How can this vulnerability impact me? :

This vulnerability can lead to the exposure of sensitive memory contents because it allows leaking of the underlying ArrayBuffer when decoding INTEGER types.

Since it is an out-of-bounds read, attackers might gain access to data beyond what is intended, potentially exposing confidential information.

The severity is critical, indicating a high risk of sensitive data leakage.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

There are no specific detection methods or commands provided to identify this vulnerability on your network or system.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart