A security researcher discovered a CWE-190 integer overflow vulnerability in the ASN.1 DER parser of a popular open-source Java/Kotlin TLS library. The parser's VLQ decoding function used a 64-bit Long with no overflow protection, allowing an attacker to feed 11 crafted bytes causing 70 bits of left shifts, silently truncating

5m read time. From infosecwriteups.com
Table of contents
1. The Background: Understanding VLQs and ASN.1 DER
2. The Vulnerability: The Silent Overflow
3. The Exploitation: Crafting the Payload
4. The Security Impact: OID Spoofing
5. The Remediation
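
The overflow pattern in the summary above, next to a bounded decoder, as an added example: this is not the library's code, and the class name, method names and sample bytes are hypothetical. The hardened version also rejects a leading 0x80 byte, which DER forbids in OID subidentifiers as a non-minimal encoding.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;

public class VlqOverflowDemo {
    // Unchecked pattern: shift a 64-bit long left by 7 per byte with no bound.
    static long decodeUnchecked(InputStream in) throws IOException {
        long result = 0;
        while (true) {
            int b = in.read();
            if (b < 0) throw new IOException("truncated VLQ");
            result = (result << 7) | (b & 0x7F); // bits shifted past 63 are lost silently
            if ((b & 0x80) == 0) return result;
        }
    }

    // Hardened: refuse to shift once the next shift would push bits into or past the sign bit.
    static long decodeChecked(InputStream in) throws IOException {
        long result = 0;
        boolean first = true;
        while (true) {
            int b = in.read();
            if (b < 0) throw new IOException("truncated VLQ");
            if (first && b == 0x80) throw new IOException("non-minimal VLQ (leading 0x80)");
            if ((result >>> 56) != 0) throw new IOException("VLQ exceeds 63 bits");
            result = (result << 7) | (b & 0x7F);
            first = false;
            if ((b & 0x80) == 0) return result;
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample: 11 bytes encoding 2^70 + 5
        // (0x81, nine 0x80 continuation bytes, then 0x05), i.e. 70 bits of left shifts.
        byte[] sample = new byte[11];
        sample[0] = (byte) 0x81;
        for (int i = 1; i < 10; i++) sample[i] = (byte) 0x80;
        sample[10] = 0x05;

        System.out.println("unchecked: " + decodeUnchecked(new ByteArrayInputStream(sample)));
        try {
            System.out.println("checked:   " + decodeChecked(new ByteArrayInputStream(sample)));
        } catch (IOException e) {
            System.out.println("checked:   rejected, " + e.getMessage());
        }
    }
}
```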
