David Trabish

**Name of the Vulnerable Software and Affected Versions** GNU Libtasn1 versions prior to 4.19.0 **Description** The issue is related to an off-by-one error in the `asn1 encode simple der()` function of the Libtasn1 library. This can be exploited by a remote attacker to disclose protected information or cause a denial of service by sending specially crafted data to the application. The error is due to an incorrect array size check, specifically an ETYPE OK check. **Recommendations** For GNU Libtasn1 versions prior to 4.19.0, update to version 4.19.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `asn1 encode simple der()` function until a patch is available.