<p>Upgrade <code>RHEL:9</code> <code>libtasn1-tools</code> to version 0:4.16.0-8.el9_1 or higher.<br>This issue was patched in <code>RHSA-2023:0343</code>.</p>

Off-by-one Error Affecting libtasn1-tools package, versions <0:4.16.0-8.el9_1

Snyk CVSS

Attack Complexity High

Availability High

Threat Intelligence

EPSS 0.37% (73^rd percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-RHEL9-LIBTASN1TOOLS-3104651
published 4 Nov 2022
disclosed 24 Oct 2022

Report a new vulnerability Found a mistake?

Introduced: 24 Oct 2022

CVE-2021-46848 Open this link in a new tab CWE-193 Open this link in a new tab CWE-125 Open this link in a new tab

How to fix?

Upgrade RHEL:9 libtasn1-tools to version 0:4.16.0-8.el9_1 or higher.
This issue was patched in RHSA-2023:0343.

NVD Description

Note: Versions mentioned in the description apply only to the upstream libtasn1-tools package and not the libtasn1-tools package as distributed by RHEL. See How to fix? for RHEL:9 relevant fixed versions and status.

GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der.