diff --git a/SOURCES/libtasn1-4.19-CVE-2021-46848.patch b/SOURCES/libtasn1-4.19-CVE-2021-46848.patch
new file mode 100644
index 0000000..e4383f3
--- /dev/null
+++ b/SOURCES/libtasn1-4.19-CVE-2021-46848.patch
@@ -0,0 +1,11 @@
+--- a/lib/int.h 2022-11-30 14:21:26.985600761 -0500
++++ b/lib/int.h 2022-11-30 14:23:25.856065950 -0500
+@@ -97,7 +97,7 @@
+ #define ETYPE_TAG(etype) (_asn1_tags[etype].tag)
+ #define ETYPE_CLASS(etype) (_asn1_tags[etype].class)
+ #define ETYPE_OK(etype) (((etype) != ASN1_ETYPE_INVALID && \
+- (etype) <= _asn1_tags_size && \
++ (etype) < _asn1_tags_size && \
+ _asn1_tags[(etype)].desc != NULL)?1:0)
+
+ #define ETYPE_IS_STRING(etype) ((etype == ASN1_ETYPE_GENERALSTRING || \
diff --git a/SPECS/libtasn1.spec b/SPECS/libtasn1.spec
index 8701ddc..7cd9764 100644
--- a/SPECS/libtasn1.spec
+++ b/SPECS/libtasn1.spec
@@ -1,7 +1,7 @@
 Summary: The ASN.1 library used in GNUTLS
 Name: libtasn1
 Version: 4.13
-Release: 3%{?dist}
+Release: 4%{?dist}
 # The libtasn1 library is LGPLv2+, utilities are GPLv3+
 License: GPLv3+ and LGPLv2+
@@ -11,6 +11,7 @@ Source0: http://ftp.gnu.org/gnu/libtasn1/%name-%version.tar.gz
 Source1: http://ftp.gnu.org/gnu/libtasn1/%name-%version.tar.gz.sig
 Source2: gpgkey-1F42418905D8206AA754CCDC29EE58B996865171.gpg
 Patch1: libtasn1-3.4-rpath.patch
+Patch300: libtasn1-4.19-CVE-2021-46848.patch
 BuildRequires: bison, pkgconfig, help2man
 BuildRequires: autoconf, automake, libtool
@@ -56,6 +57,7 @@ gpgv2 --keyring %{SOURCE2} %{SOURCE1} %{SOURCE0}
 %setup -q
 %patch1 -p1 -b .rpath
+%patch300 -p1 -b .CVE-2021-46848
 %build
 autoreconf -v -f --install
@@ -108,6 +110,9 @@ test "$1" = 0 -a -f %_infodir/%name.info.gz && \
 %changelog
+* Wed Nov 30 2022 Simo Sorce - 4.13-4
+- Resolves: rhbz#2140600
+
 * Fri Aug 3 2018 Florian Weimer - 4.13-3
 - Honor %%{valgrind_arches}
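Review bot: The new patch file begins directly at its `--- a/lib/int.h` header, so nothing in it records where the fix came from or what the one-character change guards against. A short preamble above that line would help the next rebase, for example `CVE-2021-46848: ETYPE_OK accepted etype == _asn1_tags_size, presumably one past the last entry of _asn1_tags` followed by `Upstream: <upstream commit URL>`. The context lines also show `ETYPE_TAG` and `ETYPE_CLASS` indexing `_asn1_tags[etype]` with no range check of their own, so they presumably rely on callers testing `ETYPE_OK` first. That is worth confirming against the packaged sources, since the patch file name says 4.19 while the spec builds `Version: 4.13`.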