Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-3712


ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings, which are represented as a buffer for the string data terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL's own "d2i" functions (and other similar parsing functions), as well as any string whose value has been set with the ASN1_STRING_set() function, will additionally NUL terminate the byte array in the ASN1_STRING structure. However, it is possible for applications to directly construct valid ASN1_STRING structures which do not NUL terminate the byte array, by directly setting the "data" and "length" fields in the ASN1_STRING structure. This can also happen by using the ASN1_STRING_set0() function.

Numerous OpenSSL functions that print ASN.1 data have been found to assume that the ASN1_STRING byte array will be NUL terminated, even though this is not guaranteed for strings that have been directly constructed. Where an application requests an ASN.1 structure to be printed, and where that ASN.1 structure contains ASN1_STRINGs that have been directly constructed by the application without NUL terminating the "data" field, a read buffer overrun can occur. The same thing can also occur during name constraints processing of certificates (for example if a certificate has been directly constructed by the application instead of loading it via the OpenSSL parsing functions, and the certificate contains non NUL terminated ASN1_STRING structures). It can also occur in the X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions.

If a malicious actor can cause an application to directly construct an ASN1_STRING and then process it through one of the affected OpenSSL functions, this issue could be hit. This might result in a crash (causing a Denial of Service attack). It could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext). Note that the over-read is only reachable through strings the application (or a library it uses) builds by hand: strings produced by the d2i parsers or by ASN1_STRING_set() carry a terminator, so code that only handles parser-produced objects does not exercise the faulty assumption.

Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). Fixed in OpenSSL 1.0.2za (Affected 1.0.2-1.0.2y).
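The following C program is an added illustration and is not OpenSSL source code. It models the ASN1_STRING layout in a small struct of its own (model_asn1_string, with set/set0 helpers named after the OpenSSL functions they imitate) so that the NUL-termination assumption can be shown without linking libcrypto. The sample memory is constructed for the demonstration: a 7-byte string "example" followed directly, in the same array, by bytes standing in for adjacent secrets. Keeping both in one array makes the over-read deterministic and well-defined here, whereas in a real process the bytes past the end of the allocation are whatever happens to be there.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example, not OpenSSL source. model_asn1_string mirrors the shape of
 * OpenSSL's ASN1_STRING: a byte buffer plus an explicit length, with no
 * guarantee of a trailing NUL. The names below are this example's own. */
typedef struct {
    int length;
    unsigned char *data;
} model_asn1_string;

/* Mirrors the guarantee of ASN1_STRING_set(): copy the bytes and append a
 * NUL after them, so data[length] == 0 for strings built this way. */
int model_string_set(model_asn1_string *s, const void *src, int len)
{
    unsigned char *buf = malloc((size_t)len + 1);
    if (buf == NULL)
        return 0;
    memcpy(buf, src, (size_t)len);
    buf[len] = '\0';
    s->data = buf;
    s->length = len;
    return 1;
}

/* Mirrors ASN1_STRING_set0(): adopt the caller's buffer as-is. Whether a NUL
 * follows the last byte is entirely up to the caller. */
void model_string_set0(model_asn1_string *s, unsigned char *buf, int len)
{
    s->data = buf;
    s->length = len;
}

/* Vulnerable pattern (the bug class fixed in 1.1.1l / 1.0.2za): the printer
 * treats data as a C string and keeps reading until it finds a NUL byte,
 * ignoring the length field. out receives at most outsz-1 bytes. */
void print_assuming_nul(const model_asn1_string *s, char *out, size_t outsz)
{
    size_t n = strlen((const char *)s->data);   /* walks past s->length */
    if (n >= outsz)
        n = outsz - 1;
    memcpy(out, s->data, n);
    out[n] = '\0';
}

/* Hardened pattern: bound every read by the length field and never rely on
 * a terminator being present. */
void print_using_length(const model_asn1_string *s, char *out, size_t outsz)
{
    size_t n = (size_t)s->length;
    if (n >= outsz)
        n = outsz - 1;
    memcpy(out, s->data, n);
    out[n] = '\0';
}

/* Constructed sample memory: a 7-byte string immediately followed, in the same
 * allocation, by bytes standing in for adjacent sensitive data. */
static unsigned char arena[] = "exampleKEY-MATERIAL";

/* Directly constructed string (set0, no NUL) printed by the vulnerable routine. */
const char *demo_vulnerable_output(void)
{
    static char out[64];
    model_asn1_string s;
    model_string_set0(&s, arena, 7);         /* "example", 7 bytes, no NUL */
    print_assuming_nul(&s, out, sizeof out); /* also copies "KEY-MATERIAL" */
    return out;
}

/* The same string printed by the length-bounded routine. */
const char *demo_hardened_output(void)
{
    static char out[64];
    model_asn1_string s;
    model_string_set0(&s, arena, 7);
    print_using_length(&s, out, sizeof out); /* exactly "example" */
    return out;
}

/* Strings built via the set() path do carry a terminator, which is why code
 * that only ever sees parser-produced strings never tripped the assumption. */
int demo_set_path_terminates(void)
{
    model_asn1_string s;
    int terminated;
    if (!model_string_set(&s, "example", 7))
        return -1;
    terminated = (s.data[s.length] == '\0');
    free(s.data);
    return terminated;
}

int main(void)
{
    printf("vulnerable printer:      \"%s\"\n", demo_vulnerable_output());
    printf("length-bounded printer:  \"%s\"\n", demo_hardened_output());
    printf("set() path NUL-terminated: %d\n", demo_set_path_terminates());
    return 0;
}
```

Compile with any C compiler (no OpenSSL needed) and run: the printer that relies on strlen() emits "exampleKEY-MATERIAL" for a string whose declared length is 7, while the length-bounded printer emits "example". demo_set_path_terminates() shows why the bug stayed hidden in applications that only load data through d2i: the set() path, like the parsers, always leaves a terminator. When auditing code that hands ASN1_STRINGs to OpenSSL printing or name-constraint routines, look for direct writes to the data/length fields or calls to ASN1_STRING_set0, and either allocate those buffers with a trailing NUL or move to 1.1.1l / 1.0.2za.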


Published

2021-08-24T15:15:09.533

Last Modified

2024-11-21T06:22:13.290

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.4 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:N/A:P

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: NONE
  • Availability Impact: PARTIAL

Exploitability Score (CVSSv2)

8.6

Impact Score (CVSSv2)

4.9

Weaknesses
  • Type: Primary
    CWE-125 (Out-of-bounds Read)

Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application openssl openssl < 1.0.2za Yes
Application openssl openssl < 1.1.1l Yes
Operating System debian debian_linux 9.0 Yes
Operating System debian debian_linux 10.0 Yes
Operating System debian debian_linux 11.0 Yes
Application netapp clustered_data_ontap - Yes
Application netapp clustered_data_ontap_antivirus_connector - Yes
Application netapp e-series_santricity_os_controller ≤ 11.50.2 Yes
Application netapp hci_management_node - Yes
Application netapp manageability_software_development_kit - Yes
Application netapp santricity_smi-s_provider - Yes
Application netapp solidfire - Yes
Application netapp storage_encryption - Yes
Application mcafee epolicy_orchestrator < 5.10.0 Yes
Application mcafee epolicy_orchestrator 5.10.0 Yes
Application tenable nessus_network_monitor < 6.0.0 Yes
Application tenable tenable.sc ≤ 5.19.1 Yes
Application oracle essbase < 11.1.2.4.047 Yes
Application oracle essbase < 21.3 Yes
Application oracle essbase 21.3 Yes
Application oracle mysql_connectors ≤ 8.0.27 Yes
Application oracle mysql_enterprise_monitor ≤ 8.0.25 Yes
Application oracle mysql_server ≤ 5.7.35 Yes
Application oracle mysql_server ≤ 8.0.26 Yes
Application oracle mysql_workbench ≤ 8.0.26 Yes
Application oracle peoplesoft_enterprise_peopletools 8.57 Yes
Application oracle peoplesoft_enterprise_peopletools 8.58 Yes
Application oracle peoplesoft_enterprise_peopletools 8.59 Yes
Application oracle secure_backup 18.1.0.1.0 Yes
Application oracle zfs_storage_appliance_kit 8.8 Yes
Application siemens sinec_infrastructure_network_services < 1.0.1.1 Yes
Application oracle communications_cloud_native_core_console 1.9.0 Yes
Application oracle communications_cloud_native_core_security_edge_protection_proxy 1.7.0 Yes
Application oracle communications_cloud_native_core_unified_data_repository 1.15.0 Yes
Application oracle communications_session_border_controller 8.4 Yes
Application oracle communications_session_border_controller 9.0 Yes
Application oracle communications_unified_session_manager 8.2.5 Yes
Application oracle communications_unified_session_manager 8.4.5 Yes
Application oracle enterprise_communications_broker 3.2.0 Yes
Application oracle enterprise_communications_broker 3.3.0 Yes
Application oracle enterprise_session_border_controller 8.4 Yes
Application oracle enterprise_session_border_controller 9.0 Yes
Application oracle health_sciences_inform_publisher 6.2.1.0 Yes
Application oracle health_sciences_inform_publisher 6.3.1.1 Yes
Application oracle jd_edwards_enterpriseone_tools < 9.2.6.3 Yes
Application oracle jd_edwards_world_security a9.4 Yes

References