In this case it wasn't even ASN.1 at fault (once only in the area of TLS signature verification bugs, it seems...).
The real takeaway is: don't implement (new) parsers and/or cryptography in C/C++. Use memory-safe languages with strong(er) type systems, like Rust.
This shouldn't have happened: A vulnerability postmortem https://googleprojectzero.blogspot.com/2021/12/this-shouldnt-have-happened.html