CVE-2021-46848 Report - Details, Severity, & Advisories

Twingate Team

Jul 4, 2024

What is CVE-2021-46848?

CVE-2021-46848 is a critical vulnerability in GNU Libtasn1 before version 4.19.0, a library for handling ASN.1 data structures. It is caused by an off-by-one error in an array size check, which leads to an out-of-bounds read. Systems using GNU Libtasn1 before 4.19.0, including various Linux distributions, are at risk. Users must update their systems to the latest version to mitigate this vulnerability and protect against potential exploitation.

Who is impacted by this?

CVE-2021-46848 affects users of GNU Libtasn1 versions before 4.19.0. This includes users of the dev-libs/libtasn1 package version 4.18.0 and earlier, and users of the libtasn1-6 package in Debian 10 buster with versions prior to 4.13-3+deb10u1. The vulnerability, caused by an off-by-one array size issue, can lead to an out-of-bounds read, putting systems at risk.

What to do if CVE-2021-46848 affected you

If you're affected by the CVE-2021-46848 vulnerability, it's crucial to update your system to protect it from potential exploitation. Follow these simple steps:

  1. Update the GNU Libtasn1 library to version 4.19.0 or later.

  2. If using Debian 10 buster, upgrade the libtasn1-6 package to version 4.13-3+deb10u1.

  3. Monitor security advisories for any updates or additional information related to this vulnerability.

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

The CVE-2021-46848 vulnerability is not listed in CISA's Known Exploited Vulnerabilities Catalog. This issue, affecting GNU Libtasn1 before version 4.19.0, is caused by an off-by-one array size check, leading to an out-of-bounds read. To address this vulnerability, users should update their systems to the latest version of the libra

Weakness Enumeration

The weakness enumeration for this vulnerability is categorized as CWE-193, an off-by-one error affecting GNU Libtasn1 before 4.19.0.
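
The kind of off-by-one size check that CWE-193 describes can be shown on a small lookup table. This is an added illustration, not code from libtasn1 or from the original page: the table, its contents and the function names are constructed, and the extra guard slot stands in for memory past the end of the array so the example stays well-defined.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed table: TABLE_SIZE logical entries, plus one guard slot that
 * stands in for whatever memory would follow the real array. */
#define TABLE_SIZE 4u

struct tag_entry { const char *desc; };

static const struct tag_entry storage[TABLE_SIZE + 1] = {
    { NULL },                              /* index 0: reserved "invalid" type */
    { "INTEGER" },
    { "OCTET STRING" },
    { "SEQUENCE" },
    { "<guard: not part of the table>" },  /* index TABLE_SIZE: past the end */
};

/* Off-by-one check: "<=" admits x == TABLE_SIZE, so the lookup that follows
 * reads one element past the logical end of the table. */
static int type_ok_buggy(unsigned x) {
    return x != 0 && x <= TABLE_SIZE && storage[x].desc != NULL;
}

/* Corrected check: valid indices are 0 .. TABLE_SIZE - 1. */
static int type_ok_fixed(unsigned x) {
    return x != 0 && x < TABLE_SIZE && storage[x].desc != NULL;
}

/* Counts indices in [0, limit) that a check accepts although they lie
 * outside the table. A sound bounds check yields 0. */
static unsigned out_of_range_accepted(int (*check)(unsigned), unsigned limit) {
    unsigned n = 0;
    for (unsigned x = 0; x < limit; x++)
        if (x >= TABLE_SIZE && check(x))
            n++;
    return n;
}

int main(void) {
    printf("buggy check accepts %u out-of-range index(es)\n",
           out_of_range_accepted(type_ok_buggy, 16));
    printf("fixed check accepts %u out-of-range index(es)\n",
           out_of_range_accepted(type_ok_fixed, 16));
    return 0;
}
```
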

Learn More

For a comprehensive understanding of its description, severity, technical details, and known affected software configurations, refer to the NVD page and the sources listed below.
