Integer Constraint Vulnerability in asn1c Fork by mouse07410
CVE-2025-55398

9.8CRITICAL

Key Information:

Vendor: mouse07410
Status: asn1c
Vendor: CVE Published:; 22 August 2025

What is CVE-2025-55398?

A critical vulnerability has been identified in the mouse07410 asn1c library, specifically affecting version 0.9.29. The issue arises in the handling of INTEGER constraints under the Unaligned Packed Encoding Rules (UPER). The asn1c-generated decoders do not properly enforce constraints when the positive integers exceed 32 bits in length. This oversight may lead to the processing of incorrect or potentially malicious input, thereby undermining the security of applications relying on this library.

References

https://github.com/mouse07410/asn1c/issues/222

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 22, 2025
Vulnerability Reserved
Aug 13, 2025

CVE-2025-55398 Data

JSON