CVE-2021-3711

Summary

CVE	CVE-2021-3711
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2021-08-24 15:15:00 UTC
Updated	2023-11-07 03:38:00 UTC
Description	In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with the buffer size required to hold the decrypted plaintext. The application can then allocate a sufficiently sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL value for the "out" parameter. A bug in the implementation of the SM2 decryption code means that the calculation of the buffer size required to hold the plaintext returned by the first call to EVP_PKEY_decrypt() can be smaller than the actual size required by the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is called by the application a second time with a buffer that is too small. A malicious attacker who is able present SM2 content for decryption to an application could cause attacker chosen data to overflow the buffer by up to a maximum of 62 bytes altering the contents of other data held after the buffer, possibly changing application behaviour or causing the application to crash. The location of the buffer is application dependent but is typically heap allocated. Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k).

Risk And Classification

Problem Types: CWE-120

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Debian	Debian Linux	10.0	All	All	All
Operating System	Debian	Debian Linux	11.0	All	All	All
Application	Netapp	Active Iq Unified Manager	-	All	All	All
Application	Netapp	Active Iq Unified Manager	-	All	All	All
Application	Netapp	Clustered Data Ontap	-	All	All	All
Application	Netapp	Clustered Data Ontap Antivirus Connector	-	All	All	All
Application	Netapp	E-series Santricity Os Controller	All	All	All	All
Application	Netapp	Hci Management Node	-	All	All	All
Application	Netapp	Manageability Software Development Kit	-	All	All	All
Application	Netapp	Oncommand Insight	-	All	All	All
Application	Netapp	Oncommand Workflow Automation	-	All	All	All
Application	Netapp	Santricity Smi-s Provider	-	All	All	All
Application	Netapp	Snapcenter	-	All	All	All
Application	Netapp	Solidfire	-	All	All	All
Application	Netapp	Storage Encryption	-	All	All	All
Application	Openssl	Openssl	All	All	All	All
Application	Oracle	Communications Cloud Native Core Security Edge Protection Proxy	1.7.0	All	All	All
Application	Oracle	Communications Cloud Native Core Unified Data Repository	1.15.0	All	All	All
Application	Oracle	Communications Session Border Controller	8.4	All	All	All
Application	Oracle	Communications Session Border Controller	9.0	All	All	All
Application	Oracle	Communications Unified Session Manager	8.2.5	All	All	All
Application	Oracle	Communications Unified Session Manager	8.4.5	All	All	All
Application	Oracle	Enterprise Communications Broker	3.2.0	All	All	All
Application	Oracle	Enterprise Communications Broker	3.3.0	All	All	All
Application	Oracle	Enterprise Session Border Controller	8.4	All	All	All
Application	Oracle	Enterprise Session Border Controller	9.0	All	All	All
Application	Oracle	Essbase	All	All	All	All
Application	Oracle	Health Sciences Inform Publisher	6.2.1.1	All	All	All
Application	Oracle	Health Sciences Inform Publisher	6.3.1.1	All	All	All
Application	Oracle	Jd Edwards Enterpriseone Tools	All	All	All	All
Application	Oracle	Jd Edwards World Security	a9.4	All	All	All
Application	Oracle	Mysql Connectors	All	All	All	All
Application	Oracle	Mysql Enterprise Monitor	All	All	All	All
Application	Oracle	Mysql Server	All	All	All	All
Application	Oracle	Mysql Server	All	All	All	All
Application	Oracle	Peoplesoft Enterprise Peopletools	8.57	All	All	All
Application	Oracle	Peoplesoft Enterprise Peopletools	8.58	All	All	All
Application	Oracle	Peoplesoft Enterprise Peopletools	8.59	All	All	All
Application	Oracle	Zfs Storage Appliance Kit	8.8	All	All	All
Application	Tenable	Nessus Network Monitor	All	All	All	All
Application	Tenable	Tenable.sc	All	All	All	All

References

Reference	Source	Link	Tags
Debian -- Security Information -- DSA-4963-1 openssl	DEBIAN	www.debian.org
Pony Mail!	MLIST	lists.apache.org
August 2021 OpenSSL Vulnerabilities in NetApp Products \| NetApp Product Security	CONFIRM	security.netapp.com
[R1] Stand-alone Security Patch Available for Tenable.sc versions 5.16.0 to 5.19.1 - Security Advisory \| Tenable®	CONFIRM	www.tenable.com
git.openssl.org Git - openssl.git/commitdiff		git.openssl.org
Oracle Critical Patch Update Advisory - April 2022	MISC	www.oracle.com
OpenSSL: Multiple Vulnerabilities (GLSA 202210-02) — Gentoo security	GENTOO	security.gentoo.org
[R1] Nessus Network Monitor 6.0.0 Fixes Multiple Third-party Vulnerabilities - Security Advisory \| Tenable®	CONFIRM	www.tenable.com
[tomcat-dev] 20210825 OpenSSL security announcement - do we need a Tomcat Native release?		lists.apache.org
Oracle Critical Patch Update Advisory - October 2021	MISC	www.oracle.com
Oracle Critical Patch Update Advisory - January 2022	MISC	www.oracle.com
www.openssl.org/news/secadv/20210824.txt	CONFIRM	www.openssl.org
IBM Spectrum Protect: Multiple Vulnerabilities (GLSA 202209-02) — Gentoo security	GENTOO	security.gentoo.org
oss-security - OpenSSL SM2 Decryption Buffer Overflow (CVE-2021-3711), Read buffer overruns processing ASN.1 strings (CVE-2021-3712)	MLIST	www.openwall.com
git.openssl.org Git - openssl.git/commitdiff	CONFIRM	git.openssl.org
Pony Mail!	MLIST	lists.apache.org
cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf	CONFIRM	cert-portal.siemens.com
[tomcat-dev] 20210826 Re: OpenSSL security announcement - do we need a Tomcat Native release?		lists.apache.org
October 2021 MySQL Server Vulnerabilities in NetApp Products \| NetApp Product Security	CONFIRM	security.netapp.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

Vendor Comments And Credit

Discovery Credit

LEGACY: John Ouyang

Legacy QID Mappings

178774 Debian Security Update for Open Secure Sockets Layer (OpenSSL) (DSA 4963-1)
183872 Debian Security Update for Open Secure Sockets Layer (OpenSSL) (CVE-2021-3711)
198469 Ubuntu Security Notification for Open Secure Sockets Layer (OpenSSL) Vulnerabilities (USN-5051-1)
20236 Oracle MySQL October 2021 Critical Patch Update (CPU October 2021)
296061 Oracle Solaris 11.4 Support Repository Update (SRU) 42.113.1 Missing (CPUJAN2022)
376103 Open Secure Sockets Layer (OpenSSL) Security Update
376204 Mysql Workbench Critical Patch Update Oct 2021
376257 Oracle PeopleSoft Enterprise PeopleTools Product Multiple Vulnerabilities (CPUJAN2022)
376367 Oracle Essbase Administration Services Security Update (CPUJAN2022)
379452 IBM Cognos Analytics Multiple Vulnerabilities (7123154)
38855 Open Secure Sockets Layer (OpenSSL) Security Update (OpenSSL Security Advisory 20210824)
500499 Alpine Linux Security Update for Open Secure Sockets Layer (OpenSSL)
500567 Alpine Linux Security Update for Open Secure Sockets Layer (OpenSSL)
500766 Alpine Linux Security Update for openssl
501166 Alpine Linux Security Update for openssl
501985 Alpine Linux Security Update for Open Secure Sockets Layer3 (OpenSSL3)
502904 Alpine Linux Security Update for openssl1.1-compat
504258 Alpine Linux Security Update for openssl
505781 Alpine Linux Security Update for openssl1.1-compat
590870 Mitsubishi Electric MELSOFT iQ AppPortal Multiple Vulnerabilities (ICSA-22-132-02)
670831 EulerOS Security Update for Open Secure Sockets Layer (OpenSSL) (EulerOS-SA-2021-2717)
670993 EulerOS Security Update for Open Secure Sockets Layer111d (OpenSSL111d) (EulerOS-SA-2021-2668)
671015 EulerOS Security Update for Open Secure Sockets Layer (OpenSSL) (EulerOS-SA-2021-2692)
671019 EulerOS Security Update for Open Secure Sockets Layer (OpenSSL) (EulerOS-SA-2021-2639)
690055 Free Berkeley Software Distribution (FreeBSD) Security Update for Open Secure Sockets Layer (OpenSSL) (96811d4a-04ec-11ec-9b84-d4c9ef517024)
690192 Free Berkeley Software Distribution (FreeBSD) Security Update for mysql (c9387e4d-2f5f-11ec-8be6-d4c9ef517024)
710616 Gentoo Linux IBM Spectrum Protect Multiple Vulnerabilities (GLSA 202209-02)
710638 Gentoo Linux Open Secure Sockets Layer (OpenSSL) Multiple Vulnerabilities (GLSA 202210-02)
730206 McAfee Web Gateway Multiple Vulnerabilities (WP-3792, WP-4003, WP-4021, WP-4058, WP-4067)
751031 SUSE Enterprise Linux Security Update for Open Secure Sockets Layer (OpenSSL) (SUSE-SU-2021:2833-1)
751035 OpenSUSE Security Update for openssl-1_1 (openSUSE-SU-2021:2830-1)
751050 OpenSUSE Security Update for Open Secure Sockets Layer (OpenSSL) (openSUSE-SU-2021:1188-1)
752251 SUSE Enterprise Linux Security Update for SUSE Manager Client Tools (SUSE-SU-2022:2134-1)
752995 SUSE Enterprise Linux Security Update for grafana (SUSE-SU-2022:4428-1)
900333 Common Base Linux Mariner (CBL-Mariner) Security Update for Open Secure Sockets Layer (OpenSSL) (6005)
900910 Common Base Linux Mariner (CBL-Mariner) Security Update for Open Secure Sockets Layer (OpenSSL) (6779-1)
91831 Microsoft Visual Studio Security Update - November 2021