US-CERT warned yesterday that, a large number of software applications created for managing and interconnecting mobile networks around the world may be vulnerable to a remote code execution (RCE) flaw that can allow attackers to take over crucial equipment.
What is ASN1C?ASN.1 (Abstract Syntax Notation One) is an international standard that describes data structures and transfer protocols used in the telecommunications field.
ASN1C is an application created by Objective Systems that takes ASN.1 data structures, operations, and instructions, and converts them to C, C++, C#, or Java code, which can be embedded into applications or software that runs on mobile equipment deployed with classic GSM or more modern LTE networks.
Types of Vendors affectedAccording to the investigation, researchers says that only ASN1C's ASN.1-to-C and ASN.1-to C++ functions are vulnerable. But further more investigation is going on for ASN.1-to-C# and ASN.1-to-Java compilation routines.
The company has released a quick fix for the issue in the latest 7.0.1.x branch of ASN1C, with a permanent fix scheduled for 7.0.2 in the coming weeks.