CVE-2026-45615
Received - Intake
Heap Out-of-Bounds Read in asn1c OER Decoder

Publication date: 2026-05-29

Last updated on: 2026-05-29

Assigner: GitHub, Inc.

Description
mouse07410/asn1c is an ASN.1 compiler. In versions 1.4 and earlier, a memory safety vulnerability exists in the OER decoding skeleton files generated by asn1c (specifically INTEGER_oer.c). When parsing a maliciously crafted, zero-length OER payload for a variable-length, non-negative INTEGER type, the decoder fails to validate that the required bytes are present before extracting the Most Significant Bit (MSB). The result is a precise 1-byte heap out-of-bounds (OOB) read. Because asn1c-generated code is primarily deployed to parse untrusted network input (such as V2X network protocols, 5G telecom headers, or X.509 certificates), a remote attacker can exploit this to cause a Denial of Service (DoS) or trigger incorrect integer interpretation in downstream applications (e.g., protocol state poisoning or logic bypass).
Meta Information
Published: 2026-05-29
Last Modified: 2026-05-29
Generated: 2026-05-29
AI Q&A: 2026-05-29
EPSS Evaluated: N/A
Affected Vendors & Products
Showing 1 associated CPE
Vendor | Product | Version / Range
mouse07410 | asn1c | to 1.4 (exc)
CWE ID | Description
CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer.
CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
CWE-130 | The product parses a formatted message or structure, but it does not handle or incorrectly handles a length field that is inconsistent with the actual length of the associated data.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-45615 is a memory safety vulnerability in the asn1c library, specifically in the OER (Octet Encoding Rules) decoding of INTEGER types.

The flaw occurs when the decoder processes a maliciously crafted zero-length OER payload for a variable-length, non-negative INTEGER type. The decoder fails to validate the required bytes before extracting the Most Significant Bit (MSB), which leads to a 1-byte heap out-of-bounds read.

This vulnerability can cause a Denial of Service (DoS) through segmentation faults if the out-of-bounds read crosses a memory page boundary, or it can corrupt data integrity if the read occurs mid-buffer.

It affects versions of asn1c up to 1.4 and is particularly critical for applications parsing untrusted network inputs such as V2X protocols, 5G telecom headers, or X.509 certificates.
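
The flawed pattern described above beside a hardened form, as an added example that is not asn1c's source and not part of the original advisory. It is a simplified model that assumes a single short-form length octet followed by big-endian content octets; all names (`read_len`, `decode_body`, `decode_uint_flawed`, `decode_uint_checked`, `flawed_msb_with_neighbour`) are hypothetical, and the constructed zero-length message sits mid-buffer so the stray read stays inside the demo array.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model, not asn1c's source: one short-form length octet
 * (0..8 accepted here) followed by that many big-endian content octets. */
enum { DEC_OK = 0, DEC_STARVED = -1, DEC_MALFORMED = -2 };
struct dec_result { uint64_t value; int msb_set; /* top bit of first content octet */ };

/* Header parsing shared by both decoders: content length or negative status. */
static int read_len(const uint8_t *buf, size_t size)
{
    if (size < 1 || buf[0] > 8) return DEC_MALFORMED;
    return buf[0] > size - 1 ? DEC_STARVED : buf[0];
}

static int decode_body(const uint8_t *c, size_t len, struct dec_result *out)
{
    out->msb_set = c[0] >> 7; /* if len == 0, c[0] is not part of the message */
    out->value = 0;
    for (size_t i = 0; i < len; i++) out->value = (out->value << 8) | c[i];
    return DEC_OK;
}

/* Flawed pattern: MSB extracted before proving a content octet exists. */
int decode_uint_flawed(const uint8_t *buf, size_t size, struct dec_result *out)
{
    int len = read_len(buf, size);
    return len < 0 ? len : decode_body(buf + 1, (size_t)len, out);
}

/* Hardened pattern: empty encoding rejected before content is touched. */
int decode_uint_checked(const uint8_t *buf, size_t size, struct dec_result *out)
{
    int len = read_len(buf, size);
    if (len <= 0) return len < 0 ? len : DEC_MALFORMED; /* zero-length INTEGER is malformed */
    return decode_body(buf + 1, (size_t)len, out);
}

/* Constructed input: the message is the single octet 0x00 (length 0) placed
 * mid-buffer; `neighbour` stands in for the unrelated byte that follows it. */
int flawed_msb_with_neighbour(uint8_t neighbour)
{
    uint8_t mem[2] = { 0x00, neighbour };
    struct dec_result r = { 0, 0 };
    return decode_uint_flawed(mem, 1, &r) == DEC_OK ? r.msb_set : -1;
}

int main(void) { printf("msb from neighbour 0x80: %d\n", flawed_msb_with_neighbour(0x80)); return 0; }
```

With the message mid-buffer, the flawed decoder's MSB result tracks the neighbouring byte, which is the incorrect-interpretation case; the checked decoder returns `DEC_MALFORMED` for the same input.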


How can this vulnerability impact me?

This vulnerability can be exploited remotely without any privileges or user interaction.

An attacker can cause a Denial of Service (DoS) by triggering segmentation faults through the out-of-bounds read.

Additionally, it can lead to incorrect integer interpretation in downstream applications, potentially causing protocol state poisoning or logic bypass.

Such impacts can disrupt the normal operation of systems that rely on asn1c-generated code to parse untrusted network inputs, affecting network protocols and security mechanisms.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability arises when the asn1c-generated decoder processes a maliciously crafted zero-length OER payload for a variable-length, non-negative INTEGER type, causing a heap out-of-bounds read. Detection involves monitoring for crashes or segmentation faults in applications using asn1c versions up to 1.4 when parsing network inputs such as V2X protocols, 5G telecom headers, or X.509 certificates.

Specific detection commands or tools are not provided in the available resources. However, general approaches include:

  • Using network traffic analysis tools (e.g., Wireshark or tcpdump) to capture and inspect ASN.1 OER encoded data for malformed zero-length INTEGER payloads.
  • Running the vulnerable application under a memory error detector such as AddressSanitizer or Valgrind to catch heap out-of-bounds reads triggered by crafted inputs.
  • Monitoring application logs and system crash reports for segmentation faults or abnormal termination related to ASN.1 decoding.

What immediate steps should I take to mitigate this vulnerability?

The primary mitigation step is to update the asn1c library to a patched version that includes validation before extracting the Most Significant Bit (MSB) in the OER INTEGER decoding function.

Until a patched version is applied, consider the following immediate actions:

  • Avoid processing untrusted or malformed ASN.1 OER encoded inputs, especially those involving variable-length, non-negative INTEGER types.
  • Implement input validation or filtering at the network boundary to block suspicious or malformed ASN.1 OER payloads.
  • Monitor applications for crashes or abnormal behavior that could indicate exploitation attempts.

Comprehensive regression testing is recommended after applying patches due to potential side effects across other encoding rules.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

