CVE-2025-55398

An issue was discovered in mouse07410 asn1c thru 0.9.29 (2025-03-20) - a fork of vlm asn1c. In UPER (Unaligned Packed Encoding Rules), asn1c-generated decoders fail to enforce INTEGER constraints when the bound is positive and exceeds 32 bits in length, potentially allowing incorrect or malicious input to be processed.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/mouse07410/asn1c/issues/222

Configurations

No configuration.

History

26 Aug 2025, 14:15

Type	Values Removed	Values Added
CWE		CWE-1284
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.8
Summary		(es) Se detectó un problema en mouse07410 asn1c hasta la versión 0.9.29 (20/03/2025), una bifurcación de vlm asn1c. En UPER (Reglas de Codificación Empaquetada No Alineada), los decodificadores generados por asn1c no aplican las restricciones INTEGER cuando el límite es positivo y supera los 32 bits, lo que podría permitir el procesamiento de entradas incorrectas o maliciosas.

22 Aug 2025, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-08-22 17:15

Updated : 2025-08-26 14:15

NVD link : CVE-2025-55398

Mitre link : CVE-2025-55398

CVE.ORG link : CVE-2025-55398

JSON object : View

Products Affected

No product.

CWE

CWE-1284

Improper Validation of Specified Quantity in Input

9.8 /10