Description
mouse07410/asn1c is an ASN.1 compiler. In 1.4 and earlier, a memory safety vulnerability was identified in the OER decoding skeleton files generated by asn1c (specifically INTEGER_oer.c). When parsing a maliciously crafted, zero-length OER payload for a variable-length, non-negative INTEGER type, the decoder fails to validate the required bytes before extracting the Most Significant Bit (MSB). This forces a precise 1-byte Heap Out-of-Bounds (OOB) Read. Because asn1c generated code is primarily deployed to parse untrusted network inputs (such as V2X network protocols, 5G telecom headers, or X.509 certificates), when the decoder processes untrusted network-originated input, a remote attacker can exploit this to cause a Denial of Service (DoS) or trigger incorrect integer interpretation in downstream applications (e.g., protocol state poisoning or logic bypass).
Published: 2026-05-29
Score: 8.2 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A 1‑byte heap out‑of‑bounds read occurs in the OER decoding code generated by the ASN.1 compiler when it processes a maliciously crafted, zero‑length payload for a variable‑length, non‑negative integer type. The decoder does not verify that the required bytes exist before extracting the most significant bit, allowing a precise one‑byte read beyond the heap boundary. This flaw can be leveraged by an attacker to crash the application or cause downstream systems to interpret integer values incorrectly, potentially leading to protocol state compromises or logic bypass.

Affected Systems

The vulnerability affects mouse07410’s ASN.1 compiler asn1c, versions 1.4 and earlier. The generated decoder code is commonly used to parse untrusted network inputs such as V2X vehicle‑to‑everything traffic, 5G telecom headers, or X.509 certificate structures.

Risk and Exploitability

The CVSS score of 8.2 indicates a medium‑to‑high severity. This issue is not listed in CISA’s KEV catalog, and no EPSS score is available, but the exploitation vector is network‑based: any untrusted OER‑formatted data sent to an application that uses asn1c‑generated code could trigger the flaw. The attacker’s ability to trigger a crash or alter integer values makes this a serious threat for services relying on robust decoding of network messages.

Generated by OpenCVE AI on May 29, 2026 at 15:44 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest asn1c release (1.5 or later) to replace the vulnerable decoder code.
  • Add a pre‑validation routine that checks the payload length before calling Integer_oer_decode to avoid zero‑length inputs triggering the OOB read.
  • Compile the generated decoder code with compiler bounds checking or tools such as AddressSanitizer to detect any future out‑of‑bounds accesses during development.

Generated by OpenCVE AI on May 29, 2026 at 15:44 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 29 May 2026 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 29 May 2026 16:00:00 +0000

Type Values Removed Values Added
First Time appeared Mouse07410
Mouse07410 asn1c
Vendors & Products Mouse07410
Mouse07410 asn1c

Fri, 29 May 2026 13:45:00 +0000

Type Values Removed Values Added
Description mouse07410/asn1c is an ASN.1 compiler. In 1.4 and earlier, a memory safety vulnerability was identified in the OER decoding skeleton files generated by asn1c (specifically INTEGER_oer.c). When parsing a maliciously crafted, zero-length OER payload for a variable-length, non-negative INTEGER type, the decoder fails to validate the required bytes before extracting the Most Significant Bit (MSB). This forces a precise 1-byte Heap Out-of-Bounds (OOB) Read. Because asn1c generated code is primarily deployed to parse untrusted network inputs (such as V2X network protocols, 5G telecom headers, or X.509 certificates), when the decoder processes untrusted network-originated input, a remote attacker can exploit this to cause a Denial of Service (DoS) or trigger incorrect integer interpretation in downstream applications (e.g., protocol state poisoning or logic bypass).
Title mouse07410/asn1c: 1-byte Heap Out-of-Bounds Read in `INTEGER_decode_oer` via Malformed OER Payload
Weaknesses CWE-125
CWE-130
CWE-20
References
Metrics cvssV3_1

{'score': 8.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H'}

Subscriptions

Mouse07410 Asn1c
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-29T16:19:31.086Z

Reserved: 2026-05-12T20:31:43.448Z

Link: CVE-2026-45615

cve-icon Vulnrichment

Updated: 2026-05-29T16:18:59.573Z

cve-icon NVD

Status : Received

Published: 2026-05-29T14:16:30.847

Modified: 2026-05-29T18:17:10.163

Link: CVE-2026-45615

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-29T15:46:30Z

Weaknesses