In vein of general ASN.1 trivia in other comments, how many people rememer the ASN.1 doom of 2002?
Almost everything running SNMP had remote pre-auth vulns and on multiple levels - on the ASN.1 encoding side plus on the levels above that. And most of the SNMP managed gear was things like routers and switches and printers that were a nightmare to upgrade, or even exhaustively enumerate in your network.
watching the error path cleanups in libasn1 in LibreSSL is scary indeed. It's a very complex API indeed, compared to something like the PolarSSL implementation. Undoubtedly more such bugs lurking that will affect routers, printers and other embedded gear for decades to come.
Almost everything running SNMP had remote pre-auth vulns and on multiple levels - on the ASN.1 encoding side plus on the levels above that. And most of the SNMP managed gear was things like routers and switches and printers that were a nightmare to upgrade, or even exhaustively enumerate in your network.
https://www.cert.org/historical/advisories/CA-2002-03.cfm