Lucene search

K

[email protected]NVD:CVE-2021-46848

HistoryOct 24, 2022 - 2:15 p.m.

CVE-2021-46848

2022-10-2414:15:49

CWE-193

[email protected]

web.nvd.nist.gov

libtasn1

etype_ok

array size

vulnerability

asn1_encode_simple_der

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

0.004 Low

EPSS

Percentile

73.3%

GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der.

Affected configurations

NVD

Node

gnulibtasn1Range<4.19.0

Node

fedoraprojectfedoraMatch35

OR

fedoraprojectfedoraMatch36

OR

fedoraprojectfedoraMatch37

Node

debiandebian_linuxMatch10.0

References

bugs.gentoo.org/866237

gitlab.com/gnutls/libtasn1/-/commit/44a700d2051a666235748970c2df047ff207aeb5

gitlab.com/gnutls/libtasn1/-/issues/32

lists.debian.org/debian-lts-announce/2023/01/msg00003.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AV4SHDJF2XLB4CUPTBPQQ6CLGZ5LKXPZ/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ECM2ELTVRYV4BZ5L5GMIRQE27RFHPAQ6/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OGO7XST4EIJGX4B2ITZCYSWM24534BSU/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V5LWOGF7QRMNFRUCZY6TDYQJVFI6MOQ2/

security.netapp.com/advisory/ntap-20221118-0006/

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

0.004 Low

EPSS

Percentile

73.3%

Related for NVD:CVE-2021-46848