A denial-of-service vulnerability exists in Vanetza versions 26.02 and earlier, affecting the cryptographic verification pipeline for V2X (Vehicle-to-Everything) messages. The flaw stems from inconsistent enforcement of ASN.1 semantic constraints: malformed certificates with invalid Psid (Provider Service Identifier) subtypes are accepted during initial parsing but trigger an unhandled std::runtime_error [truncated]
Vanetza, an open-source implementation of the ETSI C-ITS protocol suite for vehicle-to-everything (V2X) communications, contains a denial-of-service vulnerability in versions 26.02 and earlier. The flaw resides in the ASN.1/OER parsing pipeline, specifically within the asn1c_wrapper.cpp component. When the software processes malformed network packets containing corrupted ASN.1/OER structures—such as inval [truncated]
