CVE-2026-27452
Received Received - Intake
Integer Decoding Memory Leak in ASN.1 TypeScript ESM Library

Publication date: 2026-02-21

Last updated on: 2026-03-03

Assigner: GitHub, Inc.

Description
ASN.1 TypeScript ESM library, including codecs for Basic Encoding Rules (BER) and Distinguished Encoding Rules (DER). In versions 11.0.5 and below, in some cases, decoding an INTEGER could leak the underlying ArrayBuffer. This issue is expected to be fixed in version 11.0.6.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-21
Last Modified
2026-03-03
Generated
2026-06-16
AI Q&A
2026-02-21
EPSS Evaluated
2026-06-15
NVD
CVE-2026-27452
EUVD
EUVD-2026-7726
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
jonathanwilbur asn1-ts to 11.0.6 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-200 The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-27452 is a critical vulnerability in the JavaScript package @wildboar/asn1 (asn1-ts) versions up to and including 11.0.5.

The issue occurs when decoding an INTEGER type, which can lead to leaking the underlying ArrayBuffer.

This vulnerability is classified as an out-of-bounds read (CWE-125), meaning the software reads data beyond the intended buffer boundaries.

The flaw was discovered by JonathanWilbur and fixed in version 11.0.6 of the package.

Mitigation Strategies

To mitigate this vulnerability, you should upgrade the @wildboar/asn1 (asn1-ts) package to version 11.0.6 or later, where the issue has been fixed.

There are no known workarounds available for this vulnerability.

Detection Guidance

There are no specific detection methods or commands provided to identify this vulnerability on your network or system.

Impact Analysis

This vulnerability can lead to the exposure of sensitive memory contents because it allows leaking of the underlying ArrayBuffer when decoding INTEGER types.

Since it is an out-of-bounds read, attackers might gain access to data beyond what is intended, potentially exposing confidential information.

The severity is critical, indicating a high risk of sensitive data leakage.

Compliance Impact

I don't know

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-27452. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart