PT-2021-24285 · Unknown · Simple Asn1

Published

2021-11-14

·

Updated

2022-07-12

·

CVE-2021-45711

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: simple_asn1 (Rust crate) version 0.6.0
Description: An issue was discovered in the simple_asn1 crate: a panic occurs if UTCTime data supplied by a remote attacker has a second character greater than 0x7f. The crash happens while parsing the legacy ASN.1 "UTCTime" format, when a string slice operation in the from_der function cuts into the middle of a multi-byte UTF-8 character; Rust treats such a slice as a programming error and panics, which aborts the decoding thread (and, in most servers, the process). Because the CVSS vector is C:N/I:N/A:H, the impact is denial of service, not code execution. The issue is treated as a security vulnerability because the crate is frequently used to decode input received from the network (for example DER-encoded certificates and tokens).
Recommendations: For simple_asn1 version 0.6.0, update to version 0.6.1, which resolves the issue. Until the update is applied, do not pass untrusted DER to the from_der or der_decode functions; where that is unavoidable, reject UTCTime values that contain any non-ASCII byte before handing the data to the decoder, or isolate the decoding in a separate thread so a panic cannot take down the whole service.
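To make the failure mode concrete, the following is an added example, not code from the simple_asn1 project: a deliberately wrong UTCTime parser that reproduces the pattern behind the bug (bytes converted to a String and then sliced by byte offset), next to a byte-wise parser that cannot hit a char-boundary panic. The struct and function names (UtcTime, parse_utctime_vulnerable, parse_utctime, UtcTimeError) are this example's own, and the sample inputs are constructed.

```rust
// Added example (not simple_asn1's own code): why slicing a String built from
// attacker-controlled UTCTime bytes can panic, and a byte-wise alternative.

/// Decoded fields of an ASN.1 UTCTime of the form YYMMDDhhmmssZ.
#[derive(Debug, PartialEq)]
pub struct UtcTime {
    pub year: u32,
    pub month: u32,
    pub day: u32,
    pub hour: u32,
    pub minute: u32,
    pub second: u32,
}

/// Vulnerable pattern (kept wrong on purpose). A non-ASCII byte is replaced by
/// U+FFFD, which is three bytes long in UTF-8, so a byte-offset slice such as
/// `s[0..2]` can land inside that character and Rust panics with
/// "byte index 2 is not a char boundary".
pub fn parse_utctime_vulnerable(body: &[u8]) -> Option<UtcTime> {
    if body.len() != 13 || body[12] != b'Z' {
        return None;
    }
    let s: String = String::from_utf8_lossy(body).into_owned();
    // Panics if `a` or `b` is not a char boundary of `s`.
    let f = |a: usize, b: usize| s[a..b].parse::<u32>().ok();
    Some(UtcTime {
        year: 2000 + f(0, 2)?,
        month: f(2, 4)?,
        day: f(4, 6)?,
        hour: f(6, 8)?,
        minute: f(8, 10)?,
        second: f(10, 12)?,
    })
}

#[derive(Debug, PartialEq)]
pub enum UtcTimeError {
    BadLength,
    MissingZulu,
    NotAsciiDigit,
    OutOfRange,
}

/// Reads two ASCII digits from a byte slice without ever building a str.
fn two_digits(b: &[u8]) -> Result<u32, UtcTimeError> {
    match (b[0], b[1]) {
        (d1 @ b'0'..=b'9', d2 @ b'0'..=b'9') => {
            Ok(u32::from(d1 - b'0') * 10 + u32::from(d2 - b'0'))
        }
        _ => Err(UtcTimeError::NotAsciiDigit),
    }
}

/// Hardened parser: validates length and every byte, works on bytes only,
/// and returns an error instead of panicking on any malformed input.
pub fn parse_utctime(body: &[u8]) -> Result<UtcTime, UtcTimeError> {
    if body.len() != 13 {
        return Err(UtcTimeError::BadLength);
    }
    if body[12] != b'Z' {
        return Err(UtcTimeError::MissingZulu);
    }
    let yy = two_digits(&body[0..2])?;
    let month = two_digits(&body[2..4])?;
    let day = two_digits(&body[4..6])?;
    let hour = two_digits(&body[6..8])?;
    let minute = two_digits(&body[8..10])?;
    let second = two_digits(&body[10..12])?;
    // Two-digit year rule from RFC 5280 section 4.1.2.5.1: 50..99 => 19YY, 00..49 => 20YY.
    let year = if yy >= 50 { 1900 + yy } else { 2000 + yy };
    if !(1..=12).contains(&month)
        || !(1..=31).contains(&day)
        || hour > 23
        || minute > 59
        || second > 59
    {
        return Err(UtcTimeError::OutOfRange);
    }
    Ok(UtcTime { year, month, day, hour, minute, second })
}

fn main() {
    // Constructed input: second byte is 0xff, i.e. greater than 0x7f.
    let malicious: &[u8] = b"2\xff1114120000Z";
    println!("{:?}", parse_utctime(malicious)); // Err(NotAsciiDigit), no panic
    let benign: &[u8] = b"211114120000Z";
    println!("{:?}", parse_utctime(benign));
}
```

The hardened version never converts the body to a str, so there is no char boundary to get wrong; every other rejection is an explicit Err, which is the property a network-facing decoder needs. The byte check also covers the first byte and any later byte, not only the second, since the same slice-into-U+FFFD panic can occur wherever a cut point falls inside the replacement character.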

Fix

Resource Exhaustion

Related Identifiers

CVE-2021-45711
GHSA-3M6F-3GFG-4X56
GHSA-G4H2-4WVH-GRC5
RUSTSEC-2021-0125

Affected Products

Simple Asn1