Memory Safety Flaw in ASN.1 Compiler Affects mouse07410/asn1c
CVE-2026-45615

8.2 HIGH

Key Information:

Vendor: Mouse07410

Status
Vendor
CVE Published: 29 May 2026

What is CVE-2026-45615?

A critical memory safety vulnerability exists in the ASN.1 compiler asn1c, specifically in the OER decoding skeleton files it generates. The flaw is triggered when the decoder processes a maliciously crafted zero-length OER payload for a variable-length, non-negative INTEGER type. The decoder does not adequately check that the required bytes are present, which results in a 1-byte heap out-of-bounds read. Because asn1c is commonly used to parse untrusted network input (such as V2X network protocols, 5G telecom demands, or X.509 certificates), attackers can exploit this vulnerability. Successful exploitation may result in denial of service or in incorrect integer processing in downstream systems, potentially disrupting protocol state or circumventing logic checks.
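The missing check described above, shown in a hardened form as an added example (this is not asn1c's skeleton code). The function name, return codes and sample bytes are hypothetical, and the sketch assumes a short-form length octet and values of at most 8 octets.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical return codes for this sketch; not asn1c's own types. */
enum oer_rc { OER_OK = 0, OER_WANT_MORE = -1, OER_MALFORMED = -2 };

/*
 * Decode one length-prefixed unsigned integer:
 *   [1-octet short-form length][len content octets, big-endian]
 * Scope of this sketch: short-form length only, values up to 8 octets.
 */
static int oer_decode_uint(const uint8_t *buf, size_t size,
                           uint64_t *out, size_t *consumed)
{
    if (!buf || !out || !consumed) return OER_MALFORMED;
    if (size < 1) return OER_WANT_MORE;          /* no length octet yet */
    if (buf[0] & 0x80) return OER_MALFORMED;     /* long form: out of scope */

    size_t len = buf[0];
    /* A non-negative INTEGER needs at least one content octet. In this
     * sketch, a decoder that skipped this check and read "the first
     * content octet" would touch buf[1], one byte past a 1-byte buffer. */
    if (len == 0) return OER_MALFORMED;
    if (len > sizeof(uint64_t)) return OER_MALFORMED;
    if (len > size - 1) return OER_WANT_MORE;    /* size >= 1, no underflow */

    uint64_t v = 0;
    for (size_t i = 0; i < len; i++)
        v = (v << 8) | buf[1 + i];
    *out = v;
    *consumed = 1 + len;
    return OER_OK;
}

int main(void)
{
    /* Constructed inputs: a zero-length payload, then an encoding of 256. */
    const uint8_t zero_len[] = { 0x00 };
    const uint8_t ok[] = { 0x02, 0x01, 0x00 };
    uint64_t v = 0;
    size_t n = 0;
    int rc = oer_decode_uint(zero_len, sizeof zero_len, &v, &n);
    printf("zero-length payload: rc=%d\n", rc);
    rc = oer_decode_uint(ok, sizeof ok, &v, &n);
    printf("valid payload: rc=%d value=%llu\n", rc, (unsigned long long)v);
    return 0;
}
```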

Affected Version(s)

asn1c <= 1.4

CVSS V3.1

Score: 8.2
Severity: HIGH
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved