CVE-2021-46848: GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects...

CVSS Score: 9.1 (CVSS 3.1)

Basic Information

EPSS Score: 0.50842%
Published: 10/24/2022
Updated: 5/7/2025
KEV Status: No
Technology: -

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Vulnerability Intelligence
Miggo AI Root Cause Analysis

The vulnerable function asn1_encode_simple_der was identified based on the vulnerability description and the commit message. The exact file path and patch details could not be retrieved through the available tools, hence the medium confidence. The Google search results confirmed the affected function but did not provide further details for a higher confidence assessment.

The file path lib/coding.c is a common location for such functions in C libraries, but it's an educated guess due to lack of direct evidence from patches. If the GitLab API had returned commit details, the file path and specific code changes would have been available, leading to higher confidence and more precise evidence. Since the commit information was not available, I relied on the textual descriptions from the vulnerability details and commit messages.

The core of the vulnerability lies in the 'ETYPE_OK off-by-one array size check' within the asn1_encode_simple_der function, as consistently mentioned across the provided information and search results. This off-by-one error likely leads to reading data beyond the allocated buffer for an array, a classic out-of-bounds read scenario. The function processes ASN.1 data, and an error in encoding (DER - Distinguished Encoding Rules) due to incorrect size checks can be exploited by crafting malicious ASN.1 structures that trigger this off-by-one condition during encoding. This could lead to information disclosure or a crash, depending on what data is read out-of-bounds and how the program handles it subsequently.

The fix would involve correcting the boundary check, likely changing a '<' to '<=' or vice-versa, or adjusting an index or size calculation by 1, to ensure the array access is always within its defined bounds during the DER encoding process handled by asn1_encode_simple_der.
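The class of bug described above, as an added example that is not libtasn1 code and not part of the original page: an index validity check written with an inclusive bound beside the strict-bound version. The table, its contents and every function name are hypothetical, and the example assumes the faulty comparison is '<='; the page does not show the real check.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-in for an element-type table; not libtasn1's data. */
struct tag_entry { const char *desc; };

#define TAGS_SIZE 4u   /* logical number of entries in the table */

/* One extra guard slot models whatever memory follows the real array, so
 * the off-by-one can be observed here without undefined behaviour. */
static const struct tag_entry tags[TAGS_SIZE + 1] = {
    { NULL },                 /* 0: invalid type */
    { "INTEGER" },
    { "BOOLEAN" },
    { "OCTET STRING" },
    { "<adjacent memory>" }   /* guard slot, index == TAGS_SIZE */
};

/* Off-by-one: "<=" admits index TAGS_SIZE, one past the last valid entry. */
int etype_ok_off_by_one(unsigned int x)
{
    return x != 0 && x <= TAGS_SIZE && tags[x].desc != NULL;
}

/* Corrected: strict "<" keeps every accepted index inside the table. */
int etype_ok_fixed(unsigned int x)
{
    return x != 0 && x < TAGS_SIZE && tags[x].desc != NULL;
}

/* Returns the entry an encoder would act on, or NULL if the type is rejected. */
const char *lookup(unsigned int x, int (*check)(unsigned int))
{
    return check(x) ? tags[x].desc : NULL;
}

int main(void)
{
    /* Walk every index up to one past the guard slot and compare both checks. */
    for (unsigned int x = 0; x <= TAGS_SIZE + 1; x++)
        printf("etype=%u off_by_one=%d fixed=%d\n",
               x, etype_ok_off_by_one(x), etype_ok_fixed(x));
    return 0;
}
```

The two checks disagree only at index TAGS_SIZE, which is why a boundary-value test at exactly the table size is the regression test to keep for this kind of fix.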
