Vanetza ASN.1/OER Parsing Denial-of-Service Vulnerability

A denial-of-service vulnerability exists in Vanetza versions through 26.02, within the ASN.1/OER parsing pipeline. The issue arises when the application processes malformed network packets containing corrupted ASN.1/OER structures, such as invalid length fields or improperly encoded certificates. The ASN.1 wrapper (asn1c_wrapper.cpp) throws a std::runtime_error, which is not caught at the parsing boundary. This uncaught exception propagates to std::terminate, leading to process termination. The vulnerability can be exploited by sending crafted packets from unauthenticated and untrusted network sources, causing a reliable denial-of-service by terminating the application and disrupting availability.

Impact

Exploitation of this vulnerability causes the application to terminate abruptly, leading to a loss of availability.

Reproduction

The vulnerability can be reproduced by checking out the Vanetza repository at the specified commit, building the application with AddressSanitizer enabled, and then using a fuzzing tool to send a crafted packet that triggers the exception. The observed behavior will be an abrupt termination of the process, indicating that the application has crashed due to the unhandled exception.

Remediation

Users can update to Vanetza commit 62dfe58a8342512b6e1947d75821402ada524f1a, which addresses the vulnerability by adding proper exception handling at the parsing boundary to safely reject malformed input without crashing the application.