CVE-2021-3711
Published on: 08/24/2021 12:00:00 AM UTC
Last Modified on: 12/06/2022 09:23:00 PM UTC
Certain versions of Debian Linux from Debian contain the following vulnerability:
In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with the buffer size required to hold the decrypted plaintext. The application can then allocate a sufficiently sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL value for the "out" parameter. A bug in the implementation of the SM2 decryption code means that the calculation of the buffer size required to hold the plaintext returned by the first call to EVP_PKEY_decrypt() can be smaller than the actual size required by the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is called by the application a second time with a buffer that is too small. A malicious attacker who is able present SM2 content for decryption to an application could cause attacker chosen data to overflow the buffer by up to a maximum of 62 bytes altering the contents of other data held after the buffer, possibly changing application behaviour or causing the application to crash. The location of the buffer is application dependent but is typically heap allocated. Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k).
- CVE-2021-3711 has been assigned by
openssl-secur[email protected] to track the vulnerability - currently rated as CRITICAL severity. - Affected Vendor/Software: OpenSSL - OpenSSL version Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k)
CVSS3 Score: 9.8 - CRITICAL
| Attack Vector ⓘ |
Attack Complexity |
Privileges Required |
User Interaction |
|---|---|---|---|
| NETWORK | LOW | NONE | NONE |
| Scope | Confidentiality Impact |
Integrity Impact |
Availability Impact |
| UNCHANGED | HIGH | HIGH | HIGH |
CVSS2 Score: 7.5 - HIGH
| Access Vector ⓘ |
Access Complexity |
Authentication |
|---|---|---|
| NETWORK | LOW | NONE |
| Confidentiality Impact |
Integrity Impact |
Availability Impact |
| PARTIAL | PARTIAL | PARTIAL |
CVE References
| Description | Tags ⓘ | Link |
|---|---|---|
| Debian -- Security Information -- DSA-4963-1 openssl | www.debian.org Depreciated Link text/html |
DEBIAN DSA-4963 |
| Pony Mail! | lists.apache.org text/html |
MLIST [tomcat-dev] 20210825 OpenSSL security announcement - do we need a Tomcat Native release? |
| August 2021 OpenSSL Vulnerabilities in NetApp Products | NetApp Product Security | security.netapp.com text/html |
CONFIRM security.netapp.com/advisory/ntap-20210827-0010/ |
| [R1] Stand-alone Security Patch Available for Tenable.sc versions 5.16.0 to 5.19.1 - Security Advisory | Tenable® | www.tenable.com text/html |
CONFIRM www.tenable.com/security/tns-2021-16 |
| Oracle Critical Patch Update Advisory - April 2022 | www.oracle.com text/html |
MISC www.oracle.com/security-alerts/cpuapr2022.html |
| OpenSSL: Multiple Vulnerabilities (GLSA 202210-02) — Gentoo security | security.gentoo.org text/html |
GENTOO GLSA-202210-02 |
| [R1] Nessus Network Monitor 6.0.0 Fixes Multiple Third-party Vulnerabilities - Security Advisory | Tenable® | www.tenable.com text/html |
CONFIRM www.tenable.com/security/tns-2022-02 |
| Oracle Critical Patch Update Advisory - October 2021 | www.oracle.com text/html |
MISC www.oracle.com/security-alerts/cpuoct2021.html |
| Oracle Critical Patch Update Advisory - January 2022 | www.oracle.com text/html |
MISC www.oracle.com/security-alerts/cpujan2022.html |
| www.openssl.org text/plain |
CONFIRM www.openssl.org/news/secadv/20210824.txt | |
| IBM Spectrum Protect: Multiple Vulnerabilities (GLSA 202209-02) — Gentoo security | security.gentoo.org text/html |
GENTOO GLSA-202209-02 |
| oss-security - OpenSSL SM2 Decryption Buffer Overflow (CVE-2021-3711), Read buffer overruns processing ASN.1 strings (CVE-2021-3712) | www.openwall.com text/html |
MLIST [oss-security] 20210825 OpenSSL SM2 Decryption Buffer Overflow (CVE-2021-3711), Read buffer overruns processing ASN.1 strings (CVE-2021-3712) |
| git.openssl.org Git - openssl.git/commitdiff | git.openssl.org text/xml |
CONFIRM git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=59f5e75f3bced8fc0e130d72a3f582cf7b480b46 |
| Pony Mail! | lists.apache.org text/html |
MLIST [tomcat-dev] 20210826 Re: OpenSSL security announcement - do we need a Tomcat Native release? |
| cert-portal.siemens.com application/pdf |
CONFIRM cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf | |
| October 2021 MySQL Server Vulnerabilities in NetApp Products | NetApp Product Security | security.netapp.com text/html |
CONFIRM security.netapp.com/advisory/ntap-20211022-0003/ |
Related QID Numbers
- 178774 Debian Security Update for Open Secure Sockets Layer (OpenSSL) (DSA 4963-1)
- 183872 Debian Security Update for Open Secure Sockets Layer (OpenSSL) (CVE-2021-3711)
- 198469 Ubuntu Security Notification for Open Secure Sockets Layer (OpenSSL) Vulnerabilities (USN-5051-1)
- 20236 Oracle MySQL October 2021 Critical Patch Update (CPU October 2021)
- 296061 Oracle Solaris 11.4 Support Repository Update (SRU) 42.113.1 Missing (CPUJAN2022)
- 376103 Open Secure Sockets Layer (OpenSSL) Security Update
- 376204 Mysql Workbench Critical Patch Update Oct 2021
- 376257 Oracle PeopleSoft Enterprise PeopleTools Product Multiple Vulnerabilities (CPUJAN2022)
- 376367 Oracle Essbase Administration Services Security Update (CPUJAN2022)
- 38855 Open Secure Sockets Layer (OpenSSL) Security Update (OpenSSL Security Advisory 20210824)
- 500499 Alpine Linux Security Update for Open Secure Sockets Layer (OpenSSL)
- 500567 Alpine Linux Security Update for Open Secure Sockets Layer (OpenSSL)
- 500766 Alpine Linux Security Update for openssl
- 501166 Alpine Linux Security Update for openssl
- 501985 Alpine Linux Security Update for Open Secure Sockets Layer3 (OpenSSL3)
- 502904 Alpine Linux Security Update for openssl1.1-compat
- 590870 Mitsubishi Electric MELSOFT iQ AppPortal Multiple Vulnerabilities (ICSA-22-132-02)
- 670831 EulerOS Security Update for Open Secure Sockets Layer (OpenSSL) (EulerOS-SA-2021-2717)
- 670993 EulerOS Security Update for Open Secure Sockets Layer111d (OpenSSL111d) (EulerOS-SA-2021-2668)
- 671015 EulerOS Security Update for Open Secure Sockets Layer (OpenSSL) (EulerOS-SA-2021-2692)
- 671019 EulerOS Security Update for Open Secure Sockets Layer (OpenSSL) (EulerOS-SA-2021-2639)
- 690055 Free Berkeley Software Distribution (FreeBSD) Security Update for Open Secure Sockets Layer (OpenSSL) (96811d4a-04ec-11ec-9b84-d4c9ef517024)
- 690192 Free Berkeley Software Distribution (FreeBSD) Security Update for mysql (c9387e4d-2f5f-11ec-8be6-d4c9ef517024)
- 710616 Gentoo Linux IBM Spectrum Protect Multiple Vulnerabilities (GLSA 202209-02)
- 710638 Gentoo Linux Open Secure Sockets Layer (OpenSSL) Multiple Vulnerabilities (GLSA 202210-02)
- 730206 McAfee Web Gateway Multiple Vulnerabilities (WP-3792, WP-4003, WP-4021, WP-4058, WP-4067)
- 751031 SUSE Enterprise Linux Security Update for Open Secure Sockets Layer (OpenSSL) (SUSE-SU-2021:2833-1)
- 751035 OpenSUSE Security Update for openssl-1_1 (openSUSE-SU-2021:2830-1)
- 751050 OpenSUSE Security Update for Open Secure Sockets Layer (OpenSSL) (openSUSE-SU-2021:1188-1)
- 752251 SUSE Enterprise Linux Security Update for SUSE Manager Client Tools (SUSE-SU-2022:2134-1)
- 752995 SUSE Enterprise Linux Security Update for grafana (SUSE-SU-2022:4428-1)
- 900333 Common Base Linux Mariner (CBL-Mariner) Security Update for Open Secure Sockets Layer (OpenSSL) (6005)
- 900910 Common Base Linux Mariner (CBL-Mariner) Security Update for Open Secure Sockets Layer (OpenSSL) (6779-1)
- 91831 Microsoft Visual Studio Security Update - November 2021
Exploit/POC from Github
In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typica…
Known Affected Configurations (CPE V2.3)
- cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*:
- cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*:
- cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*:
- cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*:
- cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*:
- cpe:2.3:a:netapp:clustered_data_ontap_antivirus_connector:-:*:*:*:*:*:*:*:
- cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*:
- cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*:
- cpe:2.3:a:netapp:manageability_software_development_kit:-:*:*:*:*:*:*:*:
- cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*:
- cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*:
- cpe:2.3:a:netapp:santricity_smi-s_provider:-:*:*:*:*:*:*:*:
- cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*:
- cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*:
- cpe:2.3:a:netapp:storage_encryption:-:*:*:*:*:*:*:*:
- cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*:
- cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.7.0:*:*:*:*:*:*:*:
- cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.15.0:*:*:*:*:*:*:*:
- cpe:2.3:a:oracle:communications_session_border_controller:8.4:*:*:*:*:*:*:*:
- cpe:2.3:a:oracle:communications_session_border_controller:9.0:*:*:*:*:*:*:*:
- cpe:2.3:a:oracle:communications_unified_session_manager:8.2.5:*:*:*:*:*:*:*:
- cpe:2.3:a:oracle:communications_unified_session_manager:8.4.5:*:*:*:*:*:*:*:
- cpe:2.3:a:oracle:enterprise_communications_broker:3.2.0:*:*:*:*:*:*:*:
- cpe:2.3:a:oracle:enterprise_communications_broker:3.3.0:*:*:*:*:*:*:*:
- cpe:2.3:a:oracle:enterprise_session_border_controller:8.4:*:*:*:*:*:*:*:
- cpe:2.3:a:oracle:enterprise_session_border_controller:9.0:*:*:*:*:*:*:*:
- cpe:2.3:a:oracle:essbase:*:*:*:*:*:*:*:*:
- cpe:2.3:a:oracle:health_sciences_inform_publisher:6.2.1.1:*:*:*:*:*:*:*:
- cpe:2.3:a:oracle:health_sciences_inform_publisher:6.3.1.1:*:*:*:*:*:*:*:
- cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*:
- cpe:2.3:a:oracle:jd_edwards_world_security:a9.4:*:*:*:*:*:*:*:
- cpe:2.3:a:oracle:mysql_connectors:*:*:*:*:*:*:*:*:
- cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*:
- cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*:
- cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*:
- cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*:
- cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*:
- cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*:
- cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*:
- cpe:2.3:a:tenable:nessus_network_monitor:*:*:*:*:*:*:*:*:
- cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:*:
Discovery Credit
John Ouyang
Social Mentions
| Source | Title | Posted (UTC) |
|---|---|---|
 @flano_yuki |
OpenSSL 1.1.1l [24 Aug 2021] - Fixed an SM2 Decryption Buffer Overflow ([CVE-2021-3711]) - Fixed various read buffe… twitter.com/i/web/status/1… | 2021-08-24 14:05:29 |
| @jschauma |
OpenSSL 1.1.1l just landed, fixing CVE-2021-3712 (ASN.1 printing of non-Null terminated string) and • CVE-2021-3711… twitter.com/i/web/status/1… | 2021-08-24 14:17:19 |
| @w4yh |
SM2 Decryption Buffer Overflow (CVE-2021-3711): High Read buffer overruns processing ASN.1 strings (CVE-2021-3712):… twitter.com/i/web/status/1… | 2021-08-24 14:23:53 |
| @ttdoda |
ざっと眺めた感じだとCVE-2021-3711, CVE-2021-3712共にTera Term (ttssh)には影響しないな。 | 2021-08-24 14:25:45 |
| @autumn_good_35 |
OpenSSLで脆弱性アップデート。 Severity: High SM2 Decryption Buffer Overflow (CVE-2021-3711) Severity: Moderate Read buffer o… twitter.com/i/web/status/1… | 2021-08-24 14:30:00 |
| @CVEreport |
CVE-2021-3711 : In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY… twitter.com/i/web/status/1… | 2021-08-24 14:56:27 |
| @m_masaru |
CVE-2021-3711はSM2の必要なバッファサイズの計算が間違っていたと openssl.org/news/secadv/20… github.com/openssl/openss… SM2は中国政府の署名形式で、libresslはそもそ… twitter.com/i/web/status/1… | 2021-08-24 14:57:12 |
| @LinInfoSec |
Openssl - CVE-2021-3711: openssl.org/news/secadv/20… | 2021-08-24 16:25:58 |
| @tux_care |
New OpenSSL vulnerabilities, including a High severity one. CVE-2021-3711 and CVE-2021-3712. Find out the details i… twitter.com/i/web/status/1… | 2021-08-24 16:29:50 |
| @cryptostorm_is |
Upgraded everything to OpenSSL 1.1.1l, which addresses CVE-2021-3711 and CVE-2021-3712 - openssl.org/news/changelog… | 2021-08-24 16:49:18 |
| @omokazuki |
SIOSセキュリティブログを更新しました。 OpenSSLの脆弱性情報(High: CVE-2021-3711, Moderate: CVE-2021-3712 ) #sios_tech #security… twitter.com/i/web/status/1… | 2021-08-24 20:50:20 |
| @motok2501 |
FreeBSD-SA-21:16.openssl 上流のCVE-2021-3711,CVE-2021-3712対策を取り込んだ。3711はSM2デスクリプションで平文用バッファ長計算を誤っていてbuffer overflow可能性… twitter.com/i/web/status/1… | 2021-08-24 23:36:19 |
| @SecUnicorn |
CVE-2021-3711 in OpenSSL can allow to change an application’s behavior ift.tt/3sKa431 #Infosec | 2021-08-25 00:09:00 |
| @MOFU_M0FU |
サマンサモスモス… あ、違っ、SM2の暗号データを復号化する際にバッファオーバーフローの脆弱性があるとかないとか。 OpenSSLの脆弱性(CVE-2021-3711)をチェック!CVE-2021-3712もね。 | 2021-08-25 00:35:27 |
| @AliensonDaniel |
CVE-2021-3711 in OpenSSL can allow to change an application’s behavior dlvr.it/S6GBDf | 2021-08-25 00:35:32 |
| @iSecurity |
CVE-2021-3711 in OpenSSL can allow to change an application’s behavior dlvr.it/S6GCcd #InfoSecNews | 2021-08-25 00:52:02 |
| @antitree |
The OpenSSL Project patched a high-severity vulnerability, tracked as CVE-2021-3711, that can allow an attacker to… twitter.com/i/web/status/1… | 2021-08-25 01:50:01 |
| @softek_jp |
OpenSSL の SM2 暗号文の復号処理に任意のコードを実行される問題 (CVE-2021-3711) [39784] sid.softek.jp/content/show/3… #SIDfm #脆弱性情報 | 2021-08-25 02:12:44 |
| @djonesax |
CVE-2021-3711 in OpenSSL can allow to change an application’s behavior dlvr.it/S6GPXY | 2021-08-25 02:38:01 |
| @pseudonyme_ovb |
securityaffairs.co/wordpress/1214… | 2021-08-25 04:26:54 |
| @LudovicoLoreti |
CVE-2021-3711 in OpenSSL can allow to change an application’s behavior securityaffairs.co/wordpress/1214… #Security… twitter.com/i/web/status/1… | 2021-08-25 05:01:14 |
| @boannews |
오픈SSL의 CVE-2021-3711 취약점, 애플리케이션 변조시켜 boannews.com/media/view.asp… | 2021-08-25 05:38:53 |
| @itsec_jp |
統合版 JPCERT/CC | 注意喚起: OpenSSLの脆弱性(CVE-2021-3711、CVE-2021-3712)に関する注意喚起 (公開) ift.tt/3891TnJ #itsec_jp | 2021-08-25 05:55:55 |
| @sec_trend |
注意喚起: OpenSSLの脆弱性(CVE-2021-3711、CVE-2021-3712)に関する注意喚起 (公開) izumino.jp/Security/sec_t… jpcert.or.jp/at/2021/at2100… | 2021-08-25 06:00:28 |
| @cyberdian_cert |
Security Alert: Alert Regarding Vulnerabilities (CVE-2021-3711, CVE-2021-3712) in OpenSSL bit.ly/38aLOh5… twitter.com/i/web/status/1… | 2021-08-25 06:00:57 |
| @kyokoi1979 |
OpenSSLの脆弱性(CVE-2021-3711、CVE-2021-3712)に関する注意喚起 jpcert.or.jp/at/2021/at2100… | 2021-08-25 06:02:40 |
| @jpcert |
OpenSSLの脆弱性(CVE-2021-3711、CVE-2021-3712)に関する注意喚起を公開。OpenSSL Projectの情報を確認し、十分なテストを実施の上、修正済みのバージョンを適用してください。^YK jpcert.or.jp/at/2021/at2100… | 2021-08-25 06:04:08 |
| @oha000 |
OpenSSLの脆弱性(CVE-2021-3711、CVE-2021-3712)に関する注意喚起 jpcert.or.jp/at/2021/at2100… @jpcert | 2021-08-25 06:08:04 |
| @securenews_web |
注意喚起: OpenSSLの脆弱性(CVE-2021-3711、CVE-2021-3712)に関する注意喚起 (公開) - JPCERT/CC注意喚起 [securenews.appsight.net/entries/13283] jpcert.or.jp/at/2021/at2100… | 2021-08-25 06:12:08 |
| @jpcert_en |
New Security Alert Regarding Vulnerabilities (CVE-2021-3711, CVE-2021-3712) in OpenSSL ^TN jpcert.or.jp/english/at/202… | 2021-08-25 06:13:57 |
| @taku888infinity |
OpenSSLの脆弱性(CVE-2021-3711、CVE-2021-3712)に関する注意喚起 jpcert.or.jp/m/at/2021/at21… @jpcert | 2021-08-25 06:15:51 |
| @ohhara_shiojiri |
OpenSSLの脆弱性(CVE-2021-3711、CVE-2021-3712)に関する注意喚起 jpcert.or.jp/at/2021/at2100… | 2021-08-25 06:28:56 |
| @OrangeMorishita |
【自分用メモ】OpenSSLの脆弱性(CVE-2021-3711、CVE-2021-3712)に関する注意喚起 jpcert.or.jp/at/2021/at2100… | 2021-08-25 06:31:21 |
| @TokyoSec |
注意喚起: OpenSSLの脆弱性(CVE-2021-3711、CVE-2021-3712)に関する注意喚起 (公開) dlvr.it/S6GwQB https://t.co/iHa5VPPi38 | 2021-08-25 07:02:04 |
| @securityaffairs |
CVE-2021-3711 in #OpenSSL can allow to change an application’s behavior- securityaffairs.co/wordpress/1214… #securityaffairs #hacking | 2021-08-25 07:06:31 |
| @threatmeter |
CVE-2021-3711 In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_d… twitter.com/i/web/status/1… | 2021-08-25 07:09:53 |
| @buccimoni |
OpenSSLの脆弱性(CVE-2021-3711、CVE-2021-3712)に関する注意喚起 jpcert.or.jp/at/2021/at2100… | 2021-08-25 07:29:43 |
| @elf_deedlit |
OpenSSLの脆弱性(CVE-2021-3711、CVE-2021-3712)に関する注意喚起 jpcert.or.jp/at/2021/at2100… @jpcert OpenSSLの脆弱性か~週末辺りに降りてくるかな? | 2021-08-25 08:09:11 |
| @hayaok3 |
OpenSSLの脆弱性(CVE-2021-3711、CVE-2021-3712)に関する注意喚起 jpcert.or.jp/at/2021/at2100… | 2021-08-25 08:33:23 |
| @SecurityOsaka |
OpenSSLの脆弱性(CVE-2021-3711、CVE-2021-3712)に関する注意喚起 JPCERT-AT-2021-0036 JPCERT/CC 2021-08-25 jpcert.or.jp/at/2021/at2100… | 2021-08-25 08:35:37 |
| @saitolab_org |
OpenSSLの脆弱性(CVE-2021-3711、CVE-2021-3712)に関する注意喚起 jpcert.or.jp/at/2021/at2100… @jpcert | 2021-08-25 08:37:24 |
| @futurevuls |
2つのCVEが登録されており、buffer over flowとread buffer overrunが発生します。 (CVE-2021-3711)buffer over flowは、既存メモリ領域に最大62bytes上書きをして… twitter.com/i/web/status/1… | 2021-08-25 08:47:27 |
| @futurevuls |
現時点ではNVDでのCVSS Vector評価がないので、RHELのデータを提示します。 CVE-2021-3711 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H - AC:Hとされてい… twitter.com/i/web/status/1… | 2021-08-25 08:47:28 |
| @futurevuls |
ref: openssl.org/news/secadv/20… jpcert.or.jp/at/2021/at2100… access.redhat.com/security/cve/c… access.redhat.com/security/cve/c…… twitter.com/i/web/status/1… | 2021-08-25 08:47:29 |
| @shobu_umemura |
OpenSSL脆弱性公開、早っ。自前ビルドのnginxは即日対応できるけど…。 CVE-2021-3711 はRedHat7/8系で影響なし CVE-2021-3712 はRedHat7/8系で影響あり パッケージはもうすぐって感… twitter.com/i/web/status/1… | 2021-08-25 09:05:43 |
| @blackVELU |
OpenSSLの脆弱性(CVE-2021-3711、CVE-2021-3712)に関する注意喚起 jpcert.or.jp/at/2021/at2100… @jpcert これ | 2021-08-25 10:43:12 |
| @nilab |
「2021年8月24日(現地時間)、OpenSSL ProjectからOpenSSLの脆弱性(CVE-2021-3711、CVE-2021-3712)に関する情報が公開されました」 OpenSSLの脆弱性(CVE-2021-37… twitter.com/i/web/status/1… | 2021-08-25 10:44:38 |
| @nilab |
「重要度「High」とされる脆弱性(CVE-2021-3711)」「「SM2」で暗号化されたデータを復号するAPI関数を呼び出す際にバッファオーバーフローが発生する可能性」「OpenSSLを実行しているアプリケーションの動作が変更… twitter.com/i/web/status/1… | 2021-08-25 10:44:39 |
| @ReneRobichaud |
CVE-2021-3711 in OpenSSL can allow to change an application’s behavior securityaffairs.co/wordpress/1214… #Infosec #Secinfo… twitter.com/i/web/status/1… | 2021-08-25 11:00:37 |
| @CeptBiro |
CVE-2021-3711 in OpenSSL can allow to change an application’s behavior securityaffairs.co/wordpress/1214… #Infosec #Secinfo… twitter.com/i/web/status/1… | 2021-08-25 11:13:48 |
| @TowardsCybersec |
The OpenSSL Project patched a high-severity vulnerability, tracked as CVE-2021-3711, that can allow an attacker to… twitter.com/i/web/status/1… | 2021-08-25 12:34:56 |
| @hmori |
OpenSSLの脆弱性(CVE-2021-3711、CVE-2021-3712)古いOpenSSHを使って居るような状態でも影響するのかなあ | 2021-08-25 12:37:04 |
| @RedPacketSec |
CVE-2021-3711 in OpenSSL can allow to change an application’s behavior - redpacketsecurity.com/cve-2021-3711-… #Hacking #OSINT… twitter.com/i/web/status/1… | 2021-08-25 16:03:15 |
| @AoiKagase |
OpenSSLの脆弱性(CVE-2021-3711、CVE-2021-3712)に関する注意喚起 - jpcert.or.jp/at/2021/at2100… | 2021-08-25 17:47:57 |
| @securityaffairs |
CVE-2021-3711 in #OpenSSL can allow to change an application’s behavior securityaffairs.co/wordpress/1214… #securityaffairs #hacking | 2021-08-25 18:15:30 |
| @foxbook |
「OpenSSLのCVE-2021-3711は、アプリケーションの動作を変更することを許可できます」 securityaffairs.co/wordpress/1214… | 2021-08-25 21:51:37 |
| @magiauk |
OpenSSLの脆弱性(CVE-2021-3711、CVE-2021-3712)に関する注意喚起 ift.tt/3891TnJ | 2021-08-25 21:51:59 |
| @cadmiumadvtech |
CVE-2021-3711 in OpenSSL can allow to change an application’s behavior: bit.ly/3ydugLP | 2021-08-25 22:02:11 |
| @adminahead |
The #OpenSSL Project patched a high-severity #vulnerability, tracked as CVE-2021-3711, dat can allow an attacker 2… twitter.com/i/web/status/1… | 2021-08-25 22:23:22 |
| @JimbaKazuya |
OpenSSL 1.1.1l (読みにくいけど L ) 以降を使えとか。 【バージョン確認コマンド】 $ openssl version OpenSSLの脆弱性(CVE-2021-3711、CVE-2021-3712)に関する… twitter.com/i/web/status/1… | 2021-08-25 22:34:12 |
| @JimbaKazuya |
Debian (buster) だと、1.1.1d-0+deb10u7 ならフィックスされてるみたい。 いつ頃 Raspbian に降りてくるかな…… security-tracker.debian.org/tracker/CVE-20… | 2021-08-25 22:43:46 |
| @orenoshio |
はてなブックマーク - OpenSSLの脆弱性(CVE-2021-3711、CVE-2021-3712)に関する注意喚起 b.hatena.ne.jp/entry/s/www.jp… | 2021-08-25 23:06:35 |
| @kwdnet |
“OpenSSLの脆弱性(CVE-2021-3711、CVE-2021-3712)に関する注意喚起” htn.to/BFWmwnuvyL | 2021-08-25 23:09:05 |
| @nichii_a |
OpenSSLの脆弱性(CVE-2021-3711、CVE-2021-3712)に関する注意喚起 dlvr.it/S6Khph https://t.co/ww9rYBIZYU | 2021-08-25 23:11:33 |
| @misakiayana777 |
注意喚起: OpenSSLの脆弱性(CVE-2021-3711、CVE-2021-3712)に関する注意喚起 (公開) dlvr.it/S6Km4M | 2021-08-25 23:44:04 |
| @minamijoyo |
“OpenSSLの脆弱性(CVE-2021-3711、CVE-2021-3712)に関する注意喚起” htn.to/3nydNMuxrn | 2021-08-26 00:01:29 |
| @guitarrapc_tech |
CVE-2021-3711 なるほどね | 2021-08-26 01:30:15 |
| @shiroemons |
OpenSSLの脆弱性(CVE-2021-3711、CVE-2021-3712)に関する注意喚起 jpcert.or.jp/at/2021/at2100… | 2021-08-26 01:52:01 |
| @yuzuhara |
OpenSSLのBuffer Overflow。ASN.1のパースは未だに古典的な脆弱性がでるねぇ・・・ SM2 Decryption Buffer Overflow (CVE-2021-3711) openssl.org/news/secadv/20… | 2021-08-26 01:55:41 |
| @__gfx__ |
“OpenSSLの脆弱性(CVE-2021-3711、CVE-2021-3712)に関する注意喚起” htn.to/3EnbjwdH8M | 2021-08-26 02:34:57 |
| @astel4696 |
OpenSSLの脆弱性(CVE-2021-3711、CVE-2021-3712)に関する注意喚起 jpcert.or.jp/at/2021/at2100… @jpcert | 2021-08-26 02:51:56 |
| @sharmanking |
securityaffairs.co/wordpress/1214… | 2021-08-26 03:15:16 |
| @management_sun |
IT Risk:OpenSSL Project. Multiple vulnerabilities in OpenSSL CVE-2021-3711=Severity: High CVE-2021-3712… twitter.com/i/web/status/1… | 2021-08-26 06:05:03 |
| @labunix |
“OpenSSLの脆弱性(CVE-2021-3711、CVE-2021-3712)に関する注意喚起” htn.to/29Ry3q2c65 | 2021-08-26 06:26:36 |
| @commandline_be |
Updating SSL sould be on your list. mitigation for cve-2021-3711 is to thoroughly disable SM2 ciphers or recompil… twitter.com/i/web/status/1… | 2021-08-26 06:54:43 |
| @cnjea |
Vulnerability in OpenSSL can allow attackers to change an application’s behavior securityaffairs.co/wordpress/1214… | 2021-08-26 07:14:07 |
| @oss_security |
OpenSSL SM2 Decryption Buffer Overflow (CVE-2021-3711), Read buffer overruns processing ASN.1 strings (CVE-2021-371… twitter.com/i/web/status/1… | 2021-08-26 13:06:34 |
| @securitycurve |
CVE-2021-3711 in OpenSSL can allow to change an application’s behavior buff.ly/3jgnTTN | 2021-08-26 14:01:03 |
| @mitsuto_ |
OpenSSLの脆弱性(CVE-2021-3711、CVE-2021-3712)に関する注意喚起 jpcert.or.jp/at/2021/at2100… @jpcert | 2021-08-26 14:12:42 |
| @NCIIPC |
Recent OpenSSL Security Advisory addresses high severity Buffer Overflow (CVE-2021-3711). OpenSSL versions 1.1.1k a… twitter.com/i/web/status/1… | 2021-08-26 16:02:10 |
| @SecurityNewsbot |
CVE-2021-3711 in #OpenSSL can allow to change an application’s behavior securityaffairs.co/wordpress/1214… #SecurityAffairs | 2021-08-26 17:45:08 |
| @kazuki7tz012 |
RedHatのポータルを見ている限りだとヤバそうなCVE-2021-3711は問題ないのか | 2021-08-26 23:11:27 |
| @hogec4 |
OpenSSLの脆弱性(CVE-2021-3711、CVE-2021-3712)に関する注意喚起 jpcert.or.jp/m/at/2021/at21… @jpcert | 2021-08-27 00:45:57 |
| @nae2sho |
OpenSSL 1.1.1l がリリースされました。 SM2 Decryption Buffer Overflow (CVE-2021-3711) 対応です。 週末にsmailの機能UPと共にOpenSSLライブラリもバージョンア… twitter.com/i/web/status/1… | 2021-08-27 01:47:48 |
| @FAllendesF |
Two vulns in OpenSSL Security Advisory [24 August 2021] 1) SM2 Decryption Buffer Overflow (CVE-2021-3711): - Seve… twitter.com/i/web/status/1… | 2021-08-27 03:52:05 |
| @GAILLOTPatrice |
#ITSecurity #OpenSSL : | 2021-08-27 08:10:38 |
| @M157q_News_RSS |
群暉科技:OpenSSL漏洞波及該公司多項產品 ithome.com.tw/news/146428 開源的安全通訊軟體函式庫OpenSSL在24日修補了CVE-2021-3711與CVE-2021-3712兩個安全漏洞,臺灣網路附加儲… twitter.com/i/web/status/1… | 2021-08-27 09:16:04 |
| @hedlundjohan |
@jfslowik Perhaps related to | 2021-08-27 09:42:57 |
| @adminahead |
The list of devices affected by the security flaws tracked as CVE-2021-3711 and CVE-2021-3712 includes DSM 7.0, DSM… twitter.com/i/web/status/1… | 2021-08-27 10:37:43 |
| @alpinelinux |
#alpinelinux 3.14.2 released with openssl fixes for CVE-2021-3711 and CVE-2021-3712 alpinelinux.org/posts/Alpine-3… | 2021-08-27 12:59:30 |
| @ipssignatures |
I know no IPS that has a protection/signature/rule for the vulnerability CVE-2021-3711. The vuln was published 3 da… twitter.com/i/web/status/1… | 2021-08-27 17:04:00 |
| @ipssignatures |
The vuln CVE-2021-3711 has a tweet created 0 days ago and retweeted 7 times. twitter.com/alpinelinux/st… #Srlh3yqxkzfryc | 2021-08-27 17:04:00 |
| @securityaffairs |
CVE-2021-3711 in #OpenSSL can allow to change an application’s behavior securityaffairs.co/wordpress/1214… #securityaffairs #hacking | 2021-08-27 22:13:40 |
| @KO6YQ |
"Alpine Linux 3.14.2 released" by @AlpineLinux - contains fixes for OpenSSL #vulnerabilities CVE-2021-3711 & CVE-20… twitter.com/i/web/status/1… | 2021-08-28 00:13:11 |
| @eyalestrin |
CVE-2021-3711 in OpenSSL can allow to change an application’s behavior ift.tt/2XV1qU4 | 2021-08-28 05:52:47 |
| @BrideOfLinux |
"This release includes fixes for openssl CVE-2021-3711 and CVE-2021-3712": Alpine 3.14.2 released | Alpine Linux buff.ly/3gGzCt7 | 2021-08-28 14:30:13 |
| @xiatianguo |
安全客 / SM2国密算法应用的高危漏洞——CVE-2021-3711 anquanke.com/post/id/251504 > openssl在8月24日发布了openssl 1.1.1l的稳定版,其中修复了一个高危漏洞:CVE-2… twitter.com/i/web/status/1… | 2021-08-28 17:40:30 |
| @PatrickCMiller |
CVE-2021-3711 in OpenSSL can allow to change an application’s behavior j.mp/3mvI4iA | 2021-08-28 20:15:01 |
| @omvapt |
CVE-2021-3711 in #OpenSSL can allow to change an #application’s_behavior vapt.me/OpenSSLEvasion | 2021-08-29 00:00:25 |
| @PSantavy |
Synology - multiple OpenSSL vulnerabilities synology.com/cs-cz/security… #CVE-2021-3711, CVE-2021-3712 #Synology… twitter.com/i/web/status/1… | 2021-08-29 21:20:02 |
| @kazuhisa1976 |
CVE-2021-3711だけど、 openssl ciphersって入力してSM2が表示されていなければ、暗号化アルゴリズムとしてSM2が利用されていないってことだから、対象外と考えればよいのかしら? jpcert.or.jp/at/2021/at2100… | 2021-08-30 01:20:15 |
| @eva_library |
SMAIL 4.30 バージョンアップ致しました。 1.openSSL 1.1.1lにライブラリをバージョンアップ 脆弱性対応:CVE-2021-3711、CVE-2021-3712 2.In-Reply-T… twitter.com/i/web/status/1… | 2021-08-30 04:23:19 |
| @sen_u |
最近公開されたOpenSSLの脆弱性(CVE-2021-3711、CVE-2021-3712)ですが、構築したLinuxサーバーだけじゃなくルーターやVPNサーバーなどに載ってるものも対象なのでIoT機器とかのパッチ情報とかも見て… twitter.com/i/web/status/1… | 2021-08-30 05:05:54 |
| @ipssignatures |
The vuln CVE-2021-3711 has a tweet created 2 days ago and retweeted 10 times. twitter.com/alpinelinux/st… #pow1rtrtwwcve | 2021-08-30 07:06:00 |
| @nae2sho |
SMAIL v 4.30にバージョンアップしました。 ・openSSL 1.1.1lにライブラリをバージョンアップ(脆弱性対応:CVE-2021-3711、CVE-2021-3712) ・In-Reply-To,Referenc… twitter.com/i/web/status/1… | 2021-08-30 08:40:57 |
| @__kokumoto |
QNAP社が、同社NASで使用するOpenSSLの不具合起因の遠隔コード実行・サービス停止に対象するためのパッチを作成中。Synologyもまだパッチ準備中。OpenSSLの不具合は8/24公表のCVE-2021-3711及びCV… twitter.com/i/web/status/1… | 2021-08-30 23:15:12 |
| @alpinelinux |
#alpinelinux stable releases 3.11.12, 3.12.8 and 3.13.6 are out to fix openssl CVE-2021-3711 and CVE-2021-3712. alpinelinux.org/posts/Alpine-3… | 2021-08-31 20:43:22 |
| @AfricaCyberMag |
?#CyberAlerte ?: Libellée sous le CVE-2021-3711, une faille a été repérée dans l’outil de chiffrement #OpenSSL. ✴️N… twitter.com/i/web/status/1… | 2021-09-01 06:52:45 |
| @NA6CE_jp |
リリースノート ・オープンSSLパッチ 潜在的な脆弱性を修正: CVE-2021-3711 と CVE-2021-3712。 ・Netatalkが更新され、AFP 脆弱性の問題が修正されました: CVE-2021-31439。 ・App Central のバグを修正。 | 2021-09-01 07:30:00 |
| @GrupoICA_Ciber |
?NETAPP? Múltiples vulnerabilidades de severidad alta en productos NETAPP: CVE-2021-3712,CVE-2021-3711 Más info… twitter.com/i/web/status/1… | 2021-09-01 08:05:44 |
| @twelvesec |
#QNAP is working on #patches for the #OpenSSL flaws (CVE-2021-3711 & CVE-2021-3712) affecting its #NAS devices.… twitter.com/i/web/status/1… | 2021-09-01 15:46:03 |
| @ipssignatures |
The vuln CVE-2021-3711 has a tweet created 0 days ago and retweeted 10 times. twitter.com/alpinelinux/st… #pow1rtrtwwcve | 2021-09-01 17:06:00 |
| @jpcarsi |
⚠️ Si tienes una NAS de QNAP toma precauciones y echa un vistazo a las vulnerabilidades en #OpenSSL CVE-2021-3711 y… twitter.com/i/web/status/1… | 2021-09-01 20:33:03 |
| @ipssignatures |
The vuln CVE-2021-3711 has a tweet created 7 days ago and retweeted 10 times. twitter.com/jpcert/status/… #pow1rtrtwwcve | 2021-09-01 23:06:00 |
| @rich_outlaw |
Taiwan vendor Synology announced that recently disclosed vulnerabilities (CVE-2021-3711 and CVE-2021-3712) in the O… twitter.com/i/web/status/1… | 2021-09-02 00:58:53 |
| @connorbode |
Hey @xavier2dc, what's the impact of CVE-2021-3711? Is this something that could lead to RCE on a webserver? What is SM2? | 2021-09-02 01:20:04 |
 /r/InfoSecNews |
CVE-2021-3711 in OpenSSL can allow to change an application’s behavior | 2021-08-25 00:45:48 |
| /r/msp |
QNAP OpenSSL Vulnerability - Affects all devices | 2021-09-01 15:40:55 |
| /r/synology |
**Synology DSM Version 7.0.1 Released** | 2021-09-30 21:37:41 |
| /r/asustor |
ADM 4.0.0.RMD2 Release Notes | 2021-10-13 09:40:06 |
| /r/googlecloudupdates |
March 21, 2023 GCP release notes | 2023-03-22 01:00:07 |
| /r/googlecloudupdates |
April 19, 2023 GCP release notes | 2023-04-20 01:00:36 |