Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.Test your applications
- Snyk ID SNYK-ORACLE8-LIBTASN1-3229084
- published 13 Jan 2023
- disclosed 24 Oct 2022
How to fix?
libtasn1 to version 0:4.13-4.el8_7 or higher.
This issue was patched in
Note: Versions mentioned in the description apply only to the upstream
libtasn1 package and not the
libtasn1 package as distributed by
How to fix? for
Oracle:8 relevant fixed versions and status.
GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der.