INFCSA-2023:0343: libtasn1 security update
Information about definition
Identifier: INFCSA-2023:0343
Type: security
Release date: 2025-09-24 19:37:16 UTC
Information about package
A library that provides Abstract Syntax Notation One (ASN.1, as specified by the X.680 ITU-T recommendation) parsing and structures management, and Distinguished Encoding Rules (DER, as per X.690) encoding and decoding functions.
Vulnerabilities description
- CVE-2021-46848
An out-of-bounds read flaw was found in Libtasn1 due to an ETYPE_OK off-by-one error in the asn1_encode_simple_der() function. This flaw allows a remote attacker to pass specially crafted data or invalid values to the application, triggering an off-by-one error, corrupting the memory, and possibly performing a denial of service (DoS) attack.
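The kind of off-by-one range check the description names, shown beside its corrected form. This is an added example and a simplified model, not libtasn1's source: the table contents and every function name are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed type table (not libtasn1's); index 0 is the "invalid" sentinel. */
struct tag_info { const char *desc; unsigned tag; };

static const struct tag_info tags[] = {
    { NULL, 0x00 },             /* 0: invalid */
    { "BOOLEAN", 0x01 },
    { "INTEGER", 0x02 },
    { "BIT STRING", 0x03 },
    { "OCTET STRING", 0x04 },
};
#define TAGS_SIZE (sizeof(tags) / sizeof(tags[0]))

/* Off-by-one: accepts etype == TAGS_SIZE, one past the last valid index. */
static int in_range_off_by_one(size_t etype) {
    return etype != 0 && etype <= TAGS_SIZE;
}

/* Corrected: valid indexes are 1 .. TAGS_SIZE - 1. */
static int in_range_fixed(size_t etype) {
    return etype != 0 && etype < TAGS_SIZE;
}

/* Lookup that dereferences the table only after the corrected check. */
static const char *type_desc(size_t etype) {
    if (!in_range_fixed(etype))
        return NULL;
    return tags[etype].desc;
}

/* First index at or past the table end that `check` accepts, or -1.
   Only the check is evaluated; the table is never read here. */
static long first_oob_accepted(int (*check)(size_t)) {
    for (size_t i = TAGS_SIZE; i < TAGS_SIZE + 4; i++)
        if (check(i))
            return (long)i;
    return -1;
}

int main(void) {
    printf("off-by-one check: %ld\n", first_oob_accepted(in_range_off_by_one));
    printf("fixed check:      %ld\n", first_oob_accepted(in_range_fixed));
    printf("type_desc(past end) is %s\n", type_desc(TAGS_SIZE) ? "non-NULL" : "NULL");
    return 0;
}
```

With the `<=` comparison, a caller-supplied type equal to the table size passes validation and the following table access reads one element past the array; the `<` form rejects it before any read.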
Severity level
CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
---|---|---|---|
NIST — CVE-2021-46848 | no information | 5.9 | no information |
Updated packages