CVE-2021-3711
Description
In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the out parameter can be NULL and, on exit, the outlen parameter is populated with the buffer size required to hold the decrypted plaintext. The application can then allocate a sufficiently sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL value for the out parameter. A bug in the implementation of the SM2 decryption code means that the calculation of the buffer size required to hold the plaintext returned by the first call to EVP_PKEY_decrypt() can be smaller than the actual size required by the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is called by the application a second time with a buffer that is too small. A malicious attacker who is able present SM2 content for decryption to an application could cause attacker chosen data to overflow the buffer by up to a maximum of 62 bytes altering the contents of other data held after the buffer, possibly changing application behaviour or causing the application to crash. The location of the buffer is application dependent but is typically heap allocated. Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k).
Risk Information
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2021-3711 are fixed in OpenSSL 1.1.1l | Windows |
| Vulnerabilities CVE-2021-3711 are fixed in OpenSSL (x64) 1.1.1l | Windows |
| Vulnerabilities CVE-2021-3711,CVE-2021-3712 are fixed in OpenSSL 1.1.1l | Windows |
| Vulnerabilities CVE-2021-3711,CVE-2021-3712 are fixed in OpenSSL (x64) 1.1.1l | Windows |
| Multiple Vulnerabilities are affected in Mysql 8.0.26 | Windows |
| Vulnerabilities CVE-2021-3711,CVE-2021-42277,CVE-2021-42319 are fixed in Microsoft Visual Studio Community 2017 15.9.41 | Windows |
| Vulnerabilities CVE-2021-3711,CVE-2021-42277,CVE-2021-42319 are fixed in Microsoft Visual Studio Enterprise 2017 15.9.41 | Windows |
| Vulnerabilities CVE-2021-3711,CVE-2021-42277,CVE-2021-42319 are fixed in Microsoft Visual Studio Professional 2017 15.9.41 | Windows |
| Vulnerabilities CVE-2021-3711,CVE-2021-42277,CVE-2021-42319 are fixed in Microsoft Visual Studio Community 2019 16.11.6 | Windows |
| Vulnerabilities CVE-2021-3711,CVE-2021-42277,CVE-2021-42319 are fixed in Microsoft Visual Studio Community 2019 16.9.13 | Windows |
| Vulnerabilities CVE-2021-3711,CVE-2021-42277,CVE-2021-42319 are fixed in Microsoft Visual Studio Community 2019 16.7.21 | Windows |
| Vulnerabilities CVE-2021-3711,CVE-2021-42277,CVE-2021-42319 are fixed in Microsoft Visual Studio Enterprise 2019 16.11.6 | Windows |
| Vulnerabilities CVE-2021-3711,CVE-2021-42277,CVE-2021-42319 are fixed in Microsoft Visual Studio Enterprise 2019 16.9.13 | Windows |
| Vulnerabilities CVE-2021-3711,CVE-2021-42277,CVE-2021-42319 are fixed in Microsoft Visual Studio Enterprise 2019 16.7.21 | Windows |
| Vulnerabilities CVE-2021-3711,CVE-2021-42277,CVE-2021-42319 are fixed in Microsoft Visual Studio Professional 2019 16.11.6 | Windows |
| Vulnerabilities CVE-2021-3711,CVE-2021-42277,CVE-2021-42319 are fixed in Microsoft Visual Studio Professional 2019 16.9.13 | Windows |
| Vulnerabilities CVE-2021-3711,CVE-2021-42277,CVE-2021-42319 are fixed in Microsoft Visual Studio Professional 2019 16.7.21 | Windows |
| Vulnerabilities CVE-2020-8927,CVE-2021-3711,CVE-2022-24464,CVE-2022-24512 are fixed in Microsoft Visual Studio Community 2022 17.0.7 | Windows |
| Vulnerabilities CVE-2021-3711 are fixed in Microsoft Visual Studio Community 2022 17.1.1 | Windows |
| Vulnerabilities CVE-2020-8927,CVE-2021-3711,CVE-2022-24464,CVE-2022-24512 are fixed in Microsoft Visual Studio Enterprise 2022 17.0.7 | Windows |
| Vulnerabilities CVE-2021-3711 are fixed in Microsoft Visual Studio Enterprise 2022 17.1.1 | Windows |
| Vulnerabilities CVE-2020-8927,CVE-2021-3711,CVE-2022-24464,CVE-2022-24512 are fixed in Microsoft Visual Studio Professional 2022 17.0.7 | Windows |
| Vulnerabilities CVE-2021-3711 are fixed in Microsoft Visual Studio Professional 2022 17.1.1 | Windows |
| Vulnerabilities CVE-2021-22926,CVE-2021-35604,CVE-2021-35624,CVE-2021-3711 are affected in Mysql 5.7.35 | Windows |
| Multiple vulnerabilities are fixed in Nessus 6.0.1 | Windows |
| Vulnerabilities CVE-2021-3711,CVE-2021-3712 are fixed in Nessus 6.0.0 | Windows |
| Multiple vulnerabilities are fixed in Tenable Nessus 6.0.1 | Windows |
| Vulnerabilities CVE-2021-3711,CVE-2021-3712 are fixed in Tenable Nessus 6.0.0 | Windows |
| Multiple Vulnerabilities are affected in Netapp Active Iq Unified Manager 2.3 | Windows |
| Multiple Vulnerabilities are affected in Netapp Oncommand Insight 2.3 | Windows |
| Multiple Vulnerabilities are affected in Netapp Snapcenter 2.3 | Windows |
| Multiple Vulnerabilities are affected in Netapp Oncommand Workflow Automation 2.3 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.1 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.2 | Windows |
| Vulnerabilities CVE-2021-3711 are affected in IBM App Connect Enterprise 12.0.2.0 | Windows |
| SUSE-SU-2021:2833-1(SUSE Linux Enterprise Server 12-SP5 ) libopenssl1_1-1.1.1d-2.36.2.x86_64.rpm | Linux |
| SUSE-SU-2021:2833-1(SUSE Linux Enterprise Server 12-SP5 ) libopenssl1_1-32bit-1.1.1d-2.36.2.x86_64.rpm | Linux |
| SUSE-SU-2021:2833-1(SUSE Linux Enterprise Server 12-SP5 ) libopenssl1_1-debuginfo-1.1.1d-2.36.2.x86_64.rpm | Linux |
| SUSE-SU-2021:2833-1(SUSE Linux Enterprise Server 12-SP5 ) libopenssl1_1-debuginfo-32bit-1.1.1d-2.36.2.x86_64.rpm | Linux |
| SUSE-SU-2021:2833-1(SUSE Linux Enterprise Server 12-SP5 ) openssl-1_1-1.1.1d-2.36.2.x86_64.rpm | Linux |
| SUSE-SU-2021:2833-1(SUSE Linux Enterprise Server 12-SP5 ) openssl-1_1-debuginfo-1.1.1d-2.36.2.x86_64.rpm | Linux |
| SUSE-SU-2021:2833-1(SUSE Linux Enterprise Server 12-SP5 ) openssl-1_1-debugsource-1.1.1d-2.36.2.x86_64.rpm | Linux |
| openssl security update(DSA-4963-1) openssl_1.1.1d-0+deb10u7_i386.deb | Linux |
| openssl security update(DSA-4963-1) openssl_1.1.1d-0+deb10u7_amd64.deb | Linux |
| Secure Socket Layer (SSL) cryptographic library and tools (USN-5051-1) libssl1.1_1.1.1f-1ubuntu2.8_i386.deb | Linux |
| Secure Socket Layer (SSL) cryptographic library and tools (USN-5051-1) libssl1.1_1.1.1f-1ubuntu2.8_amd64.deb | Linux |
| Secure Socket Layer (SSL) cryptographic library and tools (USN-5051-1) libssl1.1_1.1.1j-1ubuntu3.5_i386.deb | Linux |
| Secure Socket Layer (SSL) cryptographic library and tools (USN-5051-1) libssl1.1_1.1.1j-1ubuntu3.5_amd64.deb | Linux |
| Secure Socket Layer (SSL) cryptographic library and tools (USN-5051-1) libssl1.1_1.1.1-1ubuntu2.1~18.04.13_i386.deb | Linux |
| Secure Socket Layer (SSL) cryptographic library and tools (USN-5051-1) libssl1.1_1.1.1-1ubuntu2.1~18.04.13_amd64.deb | Linux |
| Buffer Copy without Checking Size of Input (Classic Buffer Overflow) Vulnerability (CVE-2021-3711) | NCM |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234