vulnerability
Amazon Linux 2023: CVE-2021-46848: Important priority package update for libtasn1
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:M/Au:N/C:N/I:N/A:C) | Oct 24, 2022 | Feb 17, 2025 | Jul 4, 2025 |
Severity
7
CVSS
(AV:N/AC:M/Au:N/C:N/I:N/A:C)
Published
Oct 24, 2022
Added
Feb 17, 2025
Modified
Jul 4, 2025
Description
GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der.
An out-of-bounds read flaw was found in Libtasn1 due to an ETYPE_OK off-by-one error in the asn1_encode_simple_der() function. This flaw allows a remote attacker to pass specially crafted data or invalid values to the application, triggering an off-by-one error, corrupting the memory, and possibly performing a denial of service (DoS) attack.
An out-of-bounds read flaw was found in Libtasn1 due to an ETYPE_OK off-by-one error in the asn1_encode_simple_der() function. This flaw allows a remote attacker to pass specially crafted data or invalid values to the application, triggering an off-by-one error, corrupting the memory, and possibly performing a denial of service (DoS) attack.
Solutions
amazon-linux-2023-upgrade-libtasn1amazon-linux-2023-upgrade-libtasn1-debuginfoamazon-linux-2023-upgrade-libtasn1-debugsourceamazon-linux-2023-upgrade-libtasn1-develamazon-linux-2023-upgrade-libtasn1-toolsamazon-linux-2023-upgrade-libtasn1-tools-debuginfo
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.