In this case it wasn't even ASN.1 at fault (once only in the area of TLS signature verification bugs, it seems...).

The real takeaway is: don't implement (new) parsers and/or cryptography in C/C++. Use memory-safe languages with strong(er) type systems, like Rust.
RT @ProjectZeroBugs
This shouldn't have happened: A vulnerability postmortem
