Tw89Coder

**Name of the Vulnerable Software and Affected Versions** mouse07410/asn1c versions 1.4 and earlier **Description** A memory safety issue exists in the OER decoding skeleton files generated by the ASN.1 compiler, specifically within `INTEGER oer.c`. When the decoder processes a maliciously crafted, zero-length OER payload for a variable-length, non-negative INTEGER type, it fails to validate the required bytes before extracting the Most Significant Bit (MSB). This results in a 1-byte Heap Out-of-Bounds (OOB) Read—a condition where the system reads data past the end of the allocated heap memory buffer. A remote attacker can exploit this when the generated code parses untrusted network inputs, such as 5G telecom headers, V2X network protocols, or X.509 certificates, potentially leading to a Denial of Service (DoS) or incorrect integer interpretation in downstream applications, which may cause logic bypass or protocol state poisoning. The issue occurs within the `INTEGER decode oer()` function. **Recommendations** Update to a version later than 1.4. As a temporary workaround, restrict the processing of untrusted network-originated OER payloads until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Vanetza versions 26.02 and earlier **Description** A denial-of-service issue exists in the ASN.1/OER parsing pipeline. When the system processes malformed network packets containing corrupted ASN.1/OER structures, such as invalid length fields or malformed certificate encoding, the ASN.1 wrapper `asn1c wrapper.cpp` raises a `std::runtime error`. Because this exception is not caught at the parsing boundary, it propagates to `std::terminate()`, causing the process to terminate. **Recommendations** Update to the version containing commit 62dfe58a8342512b6e1947d75821402ada524f1a.

**Name of the Vulnerable Software and Affected Versions** Vanetza versions 26.02 and earlier **Description** A denial-of-service issue exists in the cryptographic verification pipeline. When processing incoming V2X messages, the ASN.1 decoder accepts structures as syntactically valid even if semantic constraints on specific fields are violated. If a crafted packet contains a certificate where the `Psid` (Provider Service Identifier) sub-type is out-of-range or uses an invalid CHOICE variant, it is accepted during initial parsing. Subsequently, when the `StraightVerifyService` function attempts to calculate a message hash for cryptographic verification, it re-encodes the signing certificate. The ASN.1 wrapper `asn1c wrapper.cpp` detects the semantic violation during this encoding process and raises a `std::runtime error`. Because this exception is not caught, it propagates to `std::terminate`, causing the process to terminate immediately. **Recommendations** Update to the version containing commit e1a2e2709210d309458c3d77f98d50dec26c0df0.