CVE-2021-30737, @xerub's 2021 iOS ASN.1 Vulnerability

This report analyzes CVE-2021-30737, a serious memory‑corruption bug in Apple's ASN.1 decoder (Security.framework) stemming from an Apple-specific change to NSS made during an early fork. The author details how a crafted constructed bitstring can force the parser to NULL an output pointer, trigger an incorrect per-substring allocation, then overflow that allocation to produce an arbitrary memory‑corruption primitive enabling code execution; the writeup traces the defect to a 2003 import change and documents the patch that reverted the unsafe behavior.