CVE-2021-46848
CVE Details
Last Update
11/7/24
NIST CVE Summary
GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der.
Our Official Summary
This is a vulnerability reported in GNU Libtasn1 before version 4.19.0, a library used to manage the ASN.1 data structure. This vulnerability is caused by an off-by-one array size check issue, leading to an out-of-bounds read. Impacting systems using GNU Libtasn1 before 4.19.0. This flaw enables access to one additional memory byte, significantly constraining the potential damage an attacker could inflict. We are waiting on an upstream fix from the 3rd party vendors and will upgrade the images once the upstream fix becomes available.
CVE Severity
Status
Ongoing
Affected Products & Versions
- Palette VerteX airgap 4.4.14, 4.4.18, 4.5.3, 4.5.8
- Palette Enterprise airgap 4.4.18, 4.5.3, 4.5.8
- Palette VerteX 4.5.3, 4.5.8
- Palette Enterprise 4.5.3, 4.5.8
Revision History
- 1.0 08/16/2024 Initial Publication
- 2.0 08/17/2024 Added Palette VerteX airgap 4.4.14 to Affected Products
- 3.0 09/17/2024 Added Palette VerteX airgap 4.4.18 & Palette Enterprise airgap 4.4.18 to Affected Products
- 4.0 10/10/2024 Added Palette VerteX airgap 4.5.3 & Palette Enterprise airgap 4.5.3 to Affected Products
- 5.0 10/14/2024 Added Palette Enterprise & Palette VerteX 4.5.3 to Affected Products
- 6.0 11/7/2024 Added Palette VerteX airgap, Palette Enterprise airgap, Palette Enterprise, and Palette VerteX 4.5.8 to Affected Products