Vulnerability CVE-2021-46848: Information

Description

GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der.

Severity: CRITICAL (9.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2021-46848

Published: Oct. 24, 2022

Modified: Nov. 7, 2023

Error type identifier: CWE-193

Fixed packages

Package name	Branch	Fixed in version	Version from repository	Errata ID	Task #	State
libtasn1	sisyphus	4.19.0-alt1	4.19.0-alt3	ALT-PU-2022-2488-1	305700	Fixed
libtasn1	sisyphus_e2k	4.19.0-alt1	4.19.0-alt3	ALT-PU-2022-5930-1	-	Fixed
libtasn1	sisyphus_riscv64	4.19.0-alt1	4.19.0-alt3	ALT-PU-2022-5829-1	-	Fixed
libtasn1	p10	4.19.0-alt1	4.19.0-alt1	ALT-PU-2022-3082-1	309071	Fixed
libtasn1	p10_e2k	4.19.0-alt1	4.19.0-alt1	ALT-PU-2022-7077-1	-	Fixed
libtasn1	c10f1	4.19.0-alt1	4.19.0-alt1	ALT-PU-2022-3082-1	309071	Fixed
libtasn1	c9f2	4.14-alt1.c9f2.1	4.14-alt1.c9f2.1	ALT-PU-2023-1076-1	313110	Fixed
libtasn1	p11	4.19.0-alt1	4.19.0-alt3	ALT-PU-2022-2488-1	305700	Fixed

Hyperlink	Resource
https://gitlab.com/gnutls/libtasn1/-/issues/32	Exploit Issue Tracking Third Party Advisory
https://bugs.gentoo.org/866237	Issue Tracking Patch Third Party Advisory
https://gitlab.com/gnutls/libtasn1/-/commit/44a700d2051a666235748970c2df047ff207aeb5	Patch Third Party Advisory
https://security.netapp.com/advisory/ntap-20221118-0006/	Third Party Advisory
[debian-lts-announce] 20230109 [SECURITY] [DLA 3263-1] libtasn1-6 security update	Mailing List Third Party Advisory
FEDORA-2022-061f857481
FEDORA-2022-3c933ffaca
FEDORA-2022-19056934a7
FEDORA-2022-3f9ee1ad91

Version: v24.5.3