Skip to main content

Asn1C

3 CVEs product

Monthly

CVE-2026-45615 HIGH This Week

Heap out-of-bounds read in mouse07410/asn1c versions 1.4 and earlier allows remote attackers to crash applications or corrupt integer parsing logic by sending a zero-length OER payload for a variable-length non-negative INTEGER type. The generated INTEGER_oer.c skeleton extracts the Most Significant Bit without validating input length, and because asn1c-generated parsers are commonly deployed in V2X, 5G telecom, and X.509 stacks, the impact extends into safety- and identity-critical pipelines. No public exploit identified at time of analysis, but the trivial trigger condition makes weaponization straightforward.

Denial Of Service Asn1C
NVD GitHub
CVSS 3.1
8.2
EPSS
0.1%
CVE-2017-12966 MEDIUM POC This Month

The asn1f_lookup_symbol_impl function in asn1fix_retrieve.c in libasn1fix.a in asn1c 0.9.28 allows remote attackers to cause a denial of service (segmentation fault) via a crafted .asn1 file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Asn1C
NVD
CVSS 3.0
6.5
EPSS
0.4%
CVE-2016-5080 CRITICAL Act Now

Integer overflow in the rtxMemHeapAlloc function in asn1rt_a.lib in Objective Systems ASN1C for C/C++ before 7.0.2 allows context-dependent attackers to execute arbitrary code or cause a denial of. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service RCE Buffer Overflow Asn1C
NVD GitHub
CVSS 3.0
9.8
EPSS
9.8%
EPSS 0% CVSS 8.2
HIGH This Week

Heap out-of-bounds read in mouse07410/asn1c versions 1.4 and earlier allows remote attackers to crash applications or corrupt integer parsing logic by sending a zero-length OER payload for a variable-length non-negative INTEGER type. The generated INTEGER_oer.c skeleton extracts the Most Significant Bit without validating input length, and because asn1c-generated parsers are commonly deployed in V2X, 5G telecom, and X.509 stacks, the impact extends into safety- and identity-critical pipelines. No public exploit identified at time of analysis, but the trivial trigger condition makes weaponization straightforward.

Denial Of Service Asn1C
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC This Month

The asn1f_lookup_symbol_impl function in asn1fix_retrieve.c in libasn1fix.a in asn1c 0.9.28 allows remote attackers to cause a denial of service (segmentation fault) via a crafted .asn1 file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Asn1C
NVD
EPSS 10% CVSS 9.8
CRITICAL Act Now

Integer overflow in the rtxMemHeapAlloc function in asn1rt_a.lib in Objective Systems ASN1C for C/C++ before 7.0.2 allows context-dependent attackers to execute arbitrary code or cause a denial of. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service RCE Buffer Overflow +1
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy