Description
GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der.
An out-of-bounds read flaw was found in Libtasn1 due to an ETYPE_OK off-by-one error in the asn1_encode_simple_der() function. This flaw allows a remote attacker to pass specially crafted data or invalid values to the application, triggering an off-by-one error, corrupting the memory, and possibly performing a denial of service (DoS) attack.
Report
This flaw enables access to one additional memory byte, significantly constraining the potential damage an attacker could inflict. For this reason it is rated as having a Moderate impact to Red Hat Offerings.
Affected packages
Platform | Package | State | Advisory | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 6 | libtasn1 | Not affected | | |
Red Hat Enterprise Linux 7 | libtasn1 | Out of support scope | | |
Red Hat Satellite 6 | libtasn1 | Will not fix | | |
Red Hat Enterprise Linux 8 | libtasn1 | Fixed | RHSA-2023:0116 | 12.01.2023 |
Red Hat Enterprise Linux 8.6 Extended Update Support | libtasn1 | Fixed | RHSA-2024:0427 | 25.01.2024 |
Red Hat Enterprise Linux 9 | libtasn1 | Fixed | RHSA-2023:0343 | 23.01.2023 |
Additional information
Status:
5.9 Medium
CVSS3