PT-2022-5380 · Gnu+10 · Libtasn1+10

David Trabish · Published 2022-08-24 · Updated 2026-02-10 · CVE-2021-46848

CVSS v2.0: 9.4 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:C
Name of the Vulnerable Software and Affected Versions: GNU Libtasn1 versions prior to 4.19.0
Description: The vulnerability is an off-by-one error in the asn1_encode_simple_der() function of the Libtasn1 library, caused by an incorrect array size check (the ETYPE_OK check). A remote attacker can exploit it to disclose protected information or cause a denial of service by sending specially crafted data to the application.
Recommendations: For GNU Libtasn1 versions prior to 4.19.0, update to version 4.19.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of the asn1_encode_simple_der() function until a patch is available.


Weakness Enumeration: Out-of-bounds Read

Related Identifiers

ALSA-2023:0116
ALSA-2023:0343
ALT-PU-2022-2488
ALT-PU-2022-3082
ALT-PU-2023-1076
ALT-PU-2025-3626
AZL-11318
BDU:2022-06694
CESA-2023_0116
CVE-2021-46848
DLA-3263-1
INFSA-2023_0343
MGASA-2022-0414
OESA-2022-2030
OESA-2024-1699
OESA-2024-1700
OESA-2024-1714
OPENSUSE-SU-2022_3784-1
RHSA-2023:0116
RHSA-2023:0343
RHSA-2023_0116
RHSA-2023_0343
RHSA-2024:0427
RLSA-2023:0116
RLSA-2023:0343
SUSE-SU-2022:3784-1
SUSE-SU-2022:3797-1
SUSE-SU-2022:3817-1
SUSE-SU-2022_3784-1
SUSE-SU-2022_3817-1
USN-5707-1
USN-7954-1
USN-7954-2

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Libtasn1
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu