CVE-2021-46848 — Off-by-one Error in Libtasn1

CWE-193 — Off-by-one Error CWE-125 — Out-of-bounds Read14 documents9 sources

Severity

9.1CRITICALNVD

EPSS

0.5%

top 33.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Libtasn1 Debian Linux Fedoraproject Fedora

Timeline

PublishedOct 24

Latest updateFeb 10

Description

GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:HExploitability: 3.9 | Impact: 5.2

Affected Packages1 packages

▶NVDgnu/libtasn1< 4.19.0

Also affects: Debian Linux 10.0, Fedora 35, 36, 37

Patches

Patch: bugs.gentoo.org ↗Patch: gitlab.com ↗Patch: bugs.gentoo.org ↗

🔴Vulnerability Details

OSV

libtasn1-6 vulnerabilities↗2026-02-10

▶

OSV

libtasn1-6 vulnerabilities↗2026-01-12

▶

OSV

CVE-2021-46848: GNU Libtasn1 before 4↗2022-10-24

▶

GHSA

GHSA-6468-68pw-9chw: GNU Libtasn1 before 4↗2022-10-24

▶

CVEList

CVE-2021-46848: GNU Libtasn1 before 4↗2022-10-24

▶

📋Vendor Advisories

Ubuntu

Libtasn1 vulnerabilities↗2026-02-10

▶

Ubuntu

Libtasn1 vulnerabilities↗2026-01-12

▶

Oracle

Oracle Oracle Communications Risk Matrix: Install/Upgrade (Libtasn1) — CVE-2021-46848↗2024-01-15

▶

Oracle

Oracle Oracle Communications Risk Matrix: Policy (GNU Libtasn1) — CVE-2021-46848↗2023-04-15

▶

Ubuntu

Libtasn1 vulnerability↗2022-10-31

▶