Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-3711

In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with the buffer size required to hold the decrypted plaintext. The application can then allocate a sufficiently sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL value for the "out" parameter. A bug in the implementation of the SM2 decryption code means that the calculation of the buffer size required to hold the plaintext returned by the first call to EVP_PKEY_decrypt() can be smaller than the actual size required by the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is called by the application a second time with a buffer that is too small. A malicious attacker who is able present SM2 content for decryption to an application could cause attacker chosen data to overflow the buffer by up to a maximum of 62 bytes altering the contents of other data held after the buffer, possibly changing application behaviour or causing the application to crash. The location of the buffer is application dependent but is typically heap allocated. Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k).

Published

2021-08-24T15:15:09.133

Last Modified

2024-11-21T06:22:12.960

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

6.4

Weaknesses

Type: Primary
CWE-120

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	openssl	openssl	< 1.1.1l	Yes
Operating System	debian	debian_linux	10.0	Yes
Operating System	debian	debian_linux	11.0	Yes
Application	netapp	active_iq_unified_manager	-	Yes
Application	netapp	active_iq_unified_manager	-	Yes
Application	netapp	clustered_data_ontap	-	Yes
Application	netapp	clustered_data_ontap_antivirus_connector	-	Yes
Application	netapp	e-series_santricity_os_controller	≤ 11.50.2	Yes
Application	netapp	hci_management_node	-	Yes
Application	netapp	manageability_software_development_kit	-	Yes
Application	netapp	oncommand_insight	-	Yes
Application	netapp	oncommand_workflow_automation	-	Yes
Application	netapp	santricity_smi-s_provider	-	Yes
Application	netapp	snapcenter	-	Yes
Application	netapp	solidfire	-	Yes
Application	netapp	storage_encryption	-	Yes
Application	oracle	communications_cloud_native_core_security_edge_protection_proxy	1.7.0	Yes
Application	oracle	communications_cloud_native_core_unified_data_repository	1.15.0	Yes
Application	oracle	communications_session_border_controller	8.4	Yes
Application	oracle	communications_session_border_controller	9.0	Yes
Application	oracle	communications_unified_session_manager	8.2.5	Yes
Application	oracle	communications_unified_session_manager	8.4.5	Yes
Application	oracle	enterprise_communications_broker	3.2.0	Yes
Application	oracle	enterprise_communications_broker	3.3.0	Yes
Application	oracle	enterprise_session_border_controller	8.4	Yes
Application	oracle	enterprise_session_border_controller	9.0	Yes
Application	oracle	essbase	< 11.1.2.4.47	Yes
Application	oracle	essbase	< 21.3	Yes
Application	oracle	health_sciences_inform_publisher	6.2.1.1	Yes
Application	oracle	health_sciences_inform_publisher	6.3.1.1	Yes
Application	oracle	jd_edwards_enterpriseone_tools	< 9.2.6.3	Yes
Application	oracle	jd_edwards_world_security	a9.4	Yes
Application	oracle	mysql_connectors	≤ 8.0.27	Yes
Application	oracle	mysql_enterprise_monitor	≤ 8.0.25	Yes
Application	oracle	mysql_server	≤ 5.7.35	Yes
Application	oracle	mysql_server	≤ 8.0.26	Yes
Application	oracle	peoplesoft_enterprise_peopletools	8.57	Yes
Application	oracle	peoplesoft_enterprise_peopletools	8.58	Yes
Application	oracle	peoplesoft_enterprise_peopletools	8.59	Yes
Application	oracle	zfs_storage_appliance_kit	8.8	Yes
Application	tenable	nessus_network_monitor	≤ 5.13.1	Yes
Application	tenable	tenable.sc	≤ 5.19.1	Yes

References

http://www.openwall.com/lists/oss-security/2021/08/26/2 Mailing List, Third Party Advisory ([email protected])
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf Third Party Advisory ([email protected])
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=59f5e75f3bced8fc0e130d72a3f582cf7b480b46 ([email protected])
https://lists.apache.org/thread.html/r18995de860f0e63635f3008fd2a6aca82394249476d21691e7c59c9e%40%3Cdev.tomcat.apache.org%3E ([email protected])
https://lists.apache.org/thread.html/rad5d9f83f0d11fb3f8bb148d179b8a9ad7c6a17f18d70e5805a713d1%40%3Cdev.tomcat.apache.org%3E ([email protected])
https://security.gentoo.org/glsa/202209-02 Third Party Advisory ([email protected])
https://security.gentoo.org/glsa/202210-02 Third Party Advisory ([email protected])
https://security.netapp.com/advisory/ntap-20210827-0010/ Third Party Advisory ([email protected])
https://security.netapp.com/advisory/ntap-20211022-0003/ Third Party Advisory ([email protected])
https://security.netapp.com/advisory/ntap-20240621-0006/ ([email protected])
https://www.debian.org/security/2021/dsa-4963 Third Party Advisory ([email protected])
https://www.openssl.org/news/secadv/20210824.txt Vendor Advisory ([email protected])
https://www.oracle.com/security-alerts/cpuapr2022.html Patch, Third Party Advisory ([email protected])
https://www.oracle.com/security-alerts/cpujan2022.html Patch, Third Party Advisory ([email protected])
https://www.oracle.com/security-alerts/cpuoct2021.html Patch, Third Party Advisory ([email protected])
https://www.tenable.com/security/tns-2021-16 Third Party Advisory ([email protected])
https://www.tenable.com/security/tns-2022-02 Third Party Advisory ([email protected])
http://www.openwall.com/lists/oss-security/2021/08/26/2 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=59f5e75f3bced8fc0e130d72a3f582cf7b480b46 (af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread.html/r18995de860f0e63635f3008fd2a6aca82394249476d21691e7c59c9e%40%3Cdev.tomcat.apache.org%3E (af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread.html/rad5d9f83f0d11fb3f8bb148d179b8a9ad7c6a17f18d70e5805a713d1%40%3Cdev.tomcat.apache.org%3E (af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/202209-02 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/202210-02 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20210827-0010/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20211022-0003/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20240621-0006/ (af854a3a-2127-422b-91ae-364da2661108)
https://www.debian.org/security/2021/dsa-4963 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.openssl.org/news/secadv/20210824.txt Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/security-alerts/cpuapr2022.html Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/security-alerts/cpujan2022.html Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/security-alerts/cpuoct2021.html Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.tenable.com/security/tns-2021-16 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.tenable.com/security/tns-2022-02 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)