Skip to main content

CVE-2021-46848

CVE Details

Visit the official vulnerability details page for CVE-2021-46848 to learn more.

Initial Publication

10/25/2024

Last Update

12/09/2024

Third Party Dependency

libtasn1-6

NIST CVE Summary

GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der.

CVE Severity

9.1

Our Official Summary

This is a vulnerability reported in GNU Libtasn1 before version 4.19.0, a library used to manage the ASN.1 data structure. This vulnerability is caused by an off-by-one array size check issue, leading to an out-of-bounds read. Impacting systems using GNU Libtasn1 before 4.19.0. This flaw enables access to one additional memory byte, significantly constraining the potential damage an attacker could inflict. We are waiting on an upstream fix from the 3rd party vendors and will upgrade the images once the upstream fix becomes available.

Status

Ongoing

Affected Products & Versions

VersionPalette EnterprisePalette Enterprise AirgapVerteXVerteX Airgap
4.5.11ImpactedImpactedImpactedImpacted
4.5.10ImpactedImpactedImpactedImpacted
4.5.8ImpactedImpactedImpactedImpacted
4.5.5ImpactedImpactedImpactedImpacted
4.5.4ImpactedImpactedImpactedImpacted
4.4.20ImpactedImpactedImpactedImpacted

Revision History

DateRevision
12/06/2024Advisory severity revised to CRITICAL from LOW
12/05/2024Advisory severity revised to LOW from CRITICAL
12/02/2024Advisory severity revised to CRITICAL from LOW
12/01/2024Advisory severity revised to LOW from CRITICAL
11/15/2024Impacted versions changed from 4.5.4, 4.5.5, 4.5.8, 4.4.20, 4.5.10 to 4.5.4, 4.5.5, 4.5.8, 4.4.20, 4.5.10, 4.5.11
11/15/2024Impacted versions changed from 4.5.4, 4.5.5, 4.5.8, 4.4.20 to 4.5.4, 4.5.5, 4.5.8, 4.4.20, 4.5.10
11/13/2024Impacted versions changed from 4.5.4, 4.5.5, 4.5.8 to 4.5.4, 4.5.5, 4.5.8, 4.4.20
11/10/2024Impacted versions changed from 4.5.4, 4.5.5 to 4.5.4, 4.5.5, 4.5.8
10/27/2024Impacted versions changed from 4.5.4 to 4.5.4, 4.5.5