CVE & CISA-KEV Catalog

CVE-2025-13151

LOW
2.9
CVSS v3
NVD

Description

Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.

How to fix

Remediation Available
libtasn1-6Debian
Fixed in:4.21.0-2CVE-2025-13151
libtasn1Red Hat / RHEL
Fixed in:0:4.20.0-5.el10_2RHSA-2026:28235
Fixed in:0:4.20.0-5.el10_2RHSA-2026:28235
Fixed in:0:4.20.0-5.el10_2RHSA-2026:28235
Fixed in:0:4.20.0-5.el10_2RHSA-2026:28235
Fixed in:0:4.20.0-5.el10_2RHSA-2026:28235
Fixed in:0:4.16.0-10.el9_8RHSA-2026:28253
Fixed in:0:4.16.0-10.el9_8RHSA-2026:28253
Fixed in:0:4.16.0-10.el9_8RHSA-2026:28253
Fixed in:0:4.16.0-10.el9_8RHSA-2026:28253
Fixed in:0:4.16.0-10.el9_8RHSA-2026:28253
Fixed in:0:4.16.0-10.el9_8RHSA-2026:28253
libtasn1Rocky
Fixed in:0:4.20.0-5.el10_2RHSA-2026:28235
Fixed in:0:4.20.0-5.el10_2RHSA-2026:28235
Fixed in:0:4.20.0-5.el10_2RHSA-2026:28235
Fixed in:0:4.20.0-5.el10_2RHSA-2026:28235
Fixed in:0:4.20.0-5.el10_2RHSA-2026:28235
Fixed in:0:4.16.0-10.el9_8RHSA-2026:28253
Fixed in:0:4.16.0-10.el9_8RHSA-2026:28253
Fixed in:0:4.16.0-10.el9_8RHSA-2026:28253
Fixed in:0:4.16.0-10.el9_8RHSA-2026:28253
Fixed in:0:4.16.0-10.el9_8RHSA-2026:28253
Fixed in:0:4.16.0-10.el9_8RHSA-2026:28253
libtasn1-debuginfoRocky
Fixed in:0:4.20.0-5.el10_2RHSA-2026:28235
Fixed in:0:4.20.0-5.el10_2RHSA-2026:28235
Fixed in:0:4.20.0-5.el10_2RHSA-2026:28235
Fixed in:0:4.20.0-5.el10_2RHSA-2026:28235
Fixed in:0:4.16.0-10.el9_8RHSA-2026:28253
Fixed in:0:4.16.0-10.el9_8RHSA-2026:28253
Fixed in:0:4.16.0-10.el9_8RHSA-2026:28253
Fixed in:0:4.16.0-10.el9_8RHSA-2026:28253
Fixed in:0:4.16.0-10.el9_8RHSA-2026:28253
libtasn1-debuginfoRed Hat / RHEL
Fixed in:0:4.20.0-5.el10_2RHSA-2026:28235
Fixed in:0:4.20.0-5.el10_2RHSA-2026:28235
Fixed in:0:4.20.0-5.el10_2RHSA-2026:28235
Fixed in:0:4.20.0-5.el10_2RHSA-2026:28235
Fixed in:0:4.16.0-10.el9_8RHSA-2026:28253
Fixed in:0:4.16.0-10.el9_8RHSA-2026:28253
Fixed in:0:4.16.0-10.el9_8RHSA-2026:28253
Fixed in:0:4.16.0-10.el9_8RHSA-2026:28253
Fixed in:0:4.16.0-10.el9_8RHSA-2026:28253
libtasn1-debugsourceRocky
Fixed in:0:4.20.0-5.el10_2RHSA-2026:28235
Fixed in:0:4.20.0-5.el10_2RHSA-2026:28235
Fixed in:0:4.20.0-5.el10_2RHSA-2026:28235
Fixed in:0:4.20.0-5.el10_2RHSA-2026:28235
Fixed in:0:4.16.0-10.el9_8RHSA-2026:28253
Fixed in:0:4.16.0-10.el9_8RHSA-2026:28253
Fixed in:0:4.16.0-10.el9_8RHSA-2026:28253
Fixed in:0:4.16.0-10.el9_8RHSA-2026:28253
Fixed in:0:4.16.0-10.el9_8RHSA-2026:28253
libtasn1-debugsourceRed Hat / RHEL
Fixed in:0:4.20.0-5.el10_2RHSA-2026:28235
Fixed in:0:4.20.0-5.el10_2RHSA-2026:28235
Fixed in:0:4.20.0-5.el10_2RHSA-2026:28235
Fixed in:0:4.20.0-5.el10_2RHSA-2026:28235
Fixed in:0:4.16.0-10.el9_8RHSA-2026:28253
Fixed in:0:4.16.0-10.el9_8RHSA-2026:28253
Fixed in:0:4.16.0-10.el9_8RHSA-2026:28253
Fixed in:0:4.16.0-10.el9_8RHSA-2026:28253
Fixed in:0:4.16.0-10.el9_8RHSA-2026:28253
libtasn1-develRocky
Fixed in:0:4.20.0-5.el10_2RHSA-2026:28235
Fixed in:0:4.20.0-5.el10_2RHSA-2026:28235
Fixed in:0:4.20.0-5.el10_2RHSA-2026:28235
Fixed in:0:4.20.0-5.el10_2RHSA-2026:28235
Fixed in:0:4.16.0-10.el9_8RHSA-2026:28253
Fixed in:0:4.16.0-10.el9_8RHSA-2026:28253
Fixed in:0:4.16.0-10.el9_8RHSA-2026:28253
Fixed in:0:4.16.0-10.el9_8RHSA-2026:28253
Fixed in:0:4.16.0-10.el9_8RHSA-2026:28253
libtasn1-develRed Hat / RHEL
Fixed in:0:4.20.0-5.el10_2RHSA-2026:28235
Fixed in:0:4.20.0-5.el10_2RHSA-2026:28235
Fixed in:0:4.20.0-5.el10_2RHSA-2026:28235
Fixed in:0:4.20.0-5.el10_2RHSA-2026:28235
Fixed in:0:4.16.0-10.el9_8RHSA-2026:28253
Fixed in:0:4.16.0-10.el9_8RHSA-2026:28253
Fixed in:0:4.16.0-10.el9_8RHSA-2026:28253
Fixed in:0:4.16.0-10.el9_8RHSA-2026:28253
Fixed in:0:4.16.0-10.el9_8RHSA-2026:28253
libtasn1-toolsRocky
Fixed in:0:4.20.0-5.el10_2RHSA-2026:28235
Fixed in:0:4.20.0-5.el10_2RHSA-2026:28235
Fixed in:0:4.20.0-5.el10_2RHSA-2026:28235
Fixed in:0:4.20.0-5.el10_2RHSA-2026:28235
Fixed in:0:4.16.0-10.el9_8RHSA-2026:28253
Fixed in:0:4.16.0-10.el9_8RHSA-2026:28253
Fixed in:0:4.16.0-10.el9_8RHSA-2026:28253
Fixed in:0:4.16.0-10.el9_8RHSA-2026:28253
libtasn1-toolsRed Hat / RHEL
Fixed in:0:4.20.0-5.el10_2RHSA-2026:28235
Fixed in:0:4.20.0-5.el10_2RHSA-2026:28235
Fixed in:0:4.20.0-5.el10_2RHSA-2026:28235
Fixed in:0:4.20.0-5.el10_2RHSA-2026:28235
Fixed in:0:4.16.0-10.el9_8RHSA-2026:28253
Fixed in:0:4.16.0-10.el9_8RHSA-2026:28253
Fixed in:0:4.16.0-10.el9_8RHSA-2026:28253
Fixed in:0:4.16.0-10.el9_8RHSA-2026:28253
libtasn1-tools-debuginfoRed Hat / RHEL
Fixed in:0:4.20.0-5.el10_2RHSA-2026:28235
Fixed in:0:4.20.0-5.el10_2RHSA-2026:28235
Fixed in:0:4.20.0-5.el10_2RHSA-2026:28235
Fixed in:0:4.20.0-5.el10_2RHSA-2026:28235
Fixed in:0:4.16.0-10.el9_8RHSA-2026:28253
Fixed in:0:4.16.0-10.el9_8RHSA-2026:28253
Fixed in:0:4.16.0-10.el9_8RHSA-2026:28253
Fixed in:0:4.16.0-10.el9_8RHSA-2026:28253
Fixed in:0:4.16.0-10.el9_8RHSA-2026:28253
libtasn1-tools-debuginfoRocky
Fixed in:0:4.20.0-5.el10_2RHSA-2026:28235
Fixed in:0:4.20.0-5.el10_2RHSA-2026:28235
Fixed in:0:4.20.0-5.el10_2RHSA-2026:28235
Fixed in:0:4.20.0-5.el10_2RHSA-2026:28235
Fixed in:0:4.16.0-10.el9_8RHSA-2026:28253
Fixed in:0:4.16.0-10.el9_8RHSA-2026:28253
Fixed in:0:4.16.0-10.el9_8RHSA-2026:28253
Fixed in:0:4.16.0-10.el9_8RHSA-2026:28253
Fixed in:0:4.16.0-10.el9_8RHSA-2026:28253
registry.redhat.io/discovery/discoveryRed Hat / RHEL
Fixed in:ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64RHSA-2026:33313
Fixed in:ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64RHSA-2026:33313
Fixed in:server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64RHSA-2026:33313
Fixed in:server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64RHSA-2026:33313
registry.redhat.io/discovery/discoveryRocky
Fixed in:server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64RHSA-2026:33313
Fixed in:ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64RHSA-2026:33313
Fixed in:ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64RHSA-2026:33313
Fixed in:server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64RHSA-2026:33313
registry.redhat.io/insights-proxy/insights-proxyRocky
Fixed in:container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64RHSA-2026:34102
Fixed in:container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64RHSA-2026:34102
registry.redhat.io/insights-proxy/insights-proxyRed Hat / RHEL
Fixed in:container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64RHSA-2026:34102
Fixed in:container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64RHSA-2026:34102
libtasn1-6Ubuntu
Fixed in:3.4-3ubuntu0.6+esm1USN-7954-2
Fixed in:4.7-3ubuntu0.16.04.3+esm4USN-7954-2
Fixed in:4.13-2ubuntu0.1~esm1USN-7954-2
Fixed in:4.16.0-2ubuntu0.1+esm1USN-7954-2
Fixed in:4.18.0-4ubuntu0.2USN-7954-1
Fixed in:4.19.0-3ubuntu0.24.04.2USN-7954-1
Fixed in:4.20.0-2ubuntu0.25.10.1USN-7954-1

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack VectorLocal
Attack ComplexityHigh
Privileges RequiredNone
User InteractionNone
ScopeUnchanged

Impact

ConfidentialityNone
IntegrityLow
AvailabilityNone

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Exploit Intelligence

1.11%probability of exploitation in 30 days
62ndpercentile

Moderate risk: more likely to be exploited than 62% of all known CVEs.

References

Third-Party Advisory1
Product1

Related Vulnerabilities

Other CWE-787 (Out-of-bounds Write) vulnerabilities, ordered by exploit likelihood. View all

CVESeverityCVSSEPSSExploitedFix
CVE-2025-22457Critical9.0100%KEV + RansomFix
CVE-2025-0282Critical9.0100%KEV + Ransom-
CVE-2015-3113Critical9.8100%KEVFix
CVE-2021-20038Critical9.8100%KEV + Ransom-
CVE-2023-4863High8.8100%KEVFix
CVE-2020-16040Medium6.5100%-Fix
Embed a live status badge for CVE-2025-13151
CVE-2025-13151 severity badge

Markdown

[![CVE-2025-13151](https://tridentstack.com/cve/badge/CVE-2025-13151.svg)](https://tridentstack.com/cve/CVE-2025-13151)

HTML

<a href="https://tridentstack.com/cve/CVE-2025-13151"><img src="https://tridentstack.com/cve/badge/CVE-2025-13151.svg" alt="CVE-2025-13151"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2026-02-02.