CVE-2026-45615
Deferred Deferred - Pending Action
Heap Out-of-Bounds Read in asn1c OER Decoder

Publication date: 2026-05-29

Last updated on: 2026-06-01

Assigner: GitHub, Inc.

Description
mouse07410/asn1c is an ASN.1 compiler. In 1.4 and earlier, a memory safety vulnerability was identified in the OER decoding skeleton files generated by asn1c (specifically INTEGER_oer.c). When parsing a maliciously crafted, zero-length OER payload for a variable-length, non-negative INTEGER type, the decoder fails to validate the required bytes before extracting the Most Significant Bit (MSB). This forces a precise 1-byte Heap Out-of-Bounds (OOB) Read. Because asn1c generated code is primarily deployed to parse untrusted network inputs (such as V2X network protocols, 5G telecom headers, or X.509 certificates), when the decoder processes untrusted network-originated input, a remote attacker can exploit this to cause a Denial of Service (DoS) or trigger incorrect integer interpretation in downstream applications (e.g., protocol state poisoning or logic bypass).
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-29
Last Modified
2026-06-01
Generated
2026-06-19
AI Q&A
2026-05-29
EPSS Evaluated
2026-06-18
NVD
CVE-2026-45615
EUVD
EUVD-2026-33314
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
mouse07410 asn1c to 1.4 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-20 The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
CWE-130 The product parses a formatted message or structure, but it does not handle or incorrectly handles a length field that is inconsistent with the actual length of the associated data.
CWE-125 The product reads data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-45615 is a memory safety vulnerability in the asn1c library, specifically in the OER (Octet Encoding Rules) decoding of INTEGER types.

The flaw occurs when the decoder processes a maliciously crafted zero-length OER payload for a variable-length, non-negative INTEGER type. The decoder fails to validate the required bytes before extracting the Most Significant Bit (MSB), which leads to a 1-byte heap out-of-bounds read.

This vulnerability can cause a Denial of Service (DoS) through segmentation faults if the out-of-bounds read crosses a memory page boundary, or it can corrupt data integrity if the read occurs mid-buffer.

It affects versions of asn1c up to 1.4 and is particularly critical for applications parsing untrusted network inputs such as V2X protocols, 5G telecom headers, or X.509 certificates.

Impact Analysis

This vulnerability can be exploited remotely without any privileges or user interaction.

An attacker can cause a Denial of Service (DoS) by triggering segmentation faults through the out-of-bounds read.

Additionally, it can lead to incorrect integer interpretation in downstream applications, potentially causing protocol state poisoning or logic bypass.

Such impacts can disrupt the normal operation of systems that rely on asn1c-generated code to parse untrusted network inputs, affecting network protocols and security mechanisms.

Detection Guidance

This vulnerability arises when the asn1c-generated decoder processes a maliciously crafted zero-length OER payload for a variable-length, non-negative INTEGER type, causing a heap out-of-bounds read. Detection involves monitoring for crashes or segmentation faults in applications using asn1c versions up to 1.4 when parsing network inputs such as V2X protocols, 5G telecom headers, or X.509 certificates.

Specific detection commands or tools are not provided in the available resources. However, general approaches include:

  • Using network traffic analysis tools (e.g., Wireshark or tcpdump) to capture and inspect ASN.1 OER encoded data for malformed zero-length INTEGER payloads.
  • Running the vulnerable application under a memory error detector such as AddressSanitizer or Valgrind to catch heap out-of-bounds reads triggered by crafted inputs.
  • Monitoring application logs and system crash reports for segmentation faults or abnormal termination related to ASN.1 decoding.
Mitigation Strategies

The primary mitigation step is to update the asn1c library to a patched version that includes validation before extracting the Most Significant Bit (MSB) in the OER INTEGER decoding function.

Until a patched version is applied, consider the following immediate actions:

  • Avoid processing untrusted or malformed ASN.1 OER encoded inputs, especially those involving variable-length, non-negative INTEGER types.
  • Implement input validation or filtering at the network boundary to block suspicious or malformed ASN.1 OER payloads.
  • Monitor applications for crashes or abnormal behavior that could indicate exploitation attempts.

Comprehensive regression testing is recommended after applying patches due to potential side effects across other encoding rules.

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-45615. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart