CVE-2021-3712
Published on: 08/24/2021 12:00:00 AM UTC
Last Modified on: 12/06/2022 09:23:00 PM UTC
Certain versions of Debian Linux from Debian contain the following vulnerability:
ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL's own "d2i" functions (and other similar parsing functions) as well as any string whose value has been set with the ASN1_STRING_set() function will additionally NUL terminate the byte array in the ASN1_STRING structure. However, it is possible for applications to directly construct valid ASN1_STRING structures which do not NUL terminate the byte array by directly setting the "data" and "length" fields in the ASN1_STRING array. This can also happen by using the ASN1_STRING_set0() function. Numerous OpenSSL functions that print ASN.1 data have been found to assume that the ASN1_STRING byte array will be NUL terminated, even though this is not guaranteed for strings that have been directly constructed. Where an application requests an ASN.1 structure to be printed, and where that ASN.1 structure contains ASN1_STRINGs that have been directly constructed by the application without NUL terminating the "data" field, then a read buffer overrun can occur. The same thing can also occur during name constraints processing of certificates (for example if a certificate has been directly constructed by the application instead of loading it via the OpenSSL parsing functions, and the certificate contains non NUL terminated ASN1_STRING structures). It can also occur in the X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions. If a malicious actor can cause an application to directly construct an ASN1_STRING and then process it through one of the affected OpenSSL functions then this issue could be hit. This might result in a crash (causing a Denial of Service attack). It could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext). Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). Fixed in OpenSSL 1.0.2za (Affected 1.0.2-1.0.2y).
- CVE-2021-3712 has been assigned by
openssl-secur[email protected] to track the vulnerability - currently rated as HIGH severity. - Affected Vendor/Software: OpenSSL - OpenSSL version Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k)
- Affected Vendor/Software: OpenSSL - OpenSSL version Fixed in OpenSSL 1.0.2za (Affected 1.0.2-1.0.2y)
CVSS3 Score: 7.4 - HIGH
| Attack Vector ⓘ |
Attack Complexity |
Privileges Required |
User Interaction |
|---|---|---|---|
| NETWORK | HIGH | NONE | NONE |
| Scope | Confidentiality Impact |
Integrity Impact |
Availability Impact |
| UNCHANGED | HIGH | NONE | HIGH |
CVSS2 Score: 5.8 - MEDIUM
| Access Vector ⓘ |
Access Complexity |
Authentication |
|---|---|---|
| NETWORK | MEDIUM | NONE |
| Confidentiality Impact |
Integrity Impact |
Availability Impact |
| PARTIAL | NONE | PARTIAL |
CVE References
| Description | Tags ⓘ | Link |
|---|---|---|
| [SECURITY] [DLA 2774-1] openssl1.0 security update | lists.debian.org text/html |
MLIST [debian-lts-announce] 20210930 [SECURITY] [DLA 2774-1] openssl1.0 security update |
| Debian -- Security Information -- DSA-4963-1 openssl | www.debian.org Depreciated Link text/html |
DEBIAN DSA-4963 |
| Pony Mail! | lists.apache.org text/html |
MLIST [tomcat-dev] 20210825 OpenSSL security announcement - do we need a Tomcat Native release? |
| August 2021 OpenSSL Vulnerabilities in NetApp Products | NetApp Product Security | security.netapp.com text/html |
CONFIRM security.netapp.com/advisory/ntap-20210827-0010/ |
| [R1] Stand-alone Security Patch Available for Tenable.sc versions 5.16.0 to 5.19.1 - Security Advisory | Tenable® | www.tenable.com text/html |
CONFIRM www.tenable.com/security/tns-2021-16 |
| git.openssl.org Git - openssl.git/commitdiff | git.openssl.org text/xml |
CONFIRM git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=94d23fcff9b2a7a8368dfe52214d5c2569882c11 |
| Oracle Critical Patch Update Advisory - April 2022 | www.oracle.com text/html |
MISC www.oracle.com/security-alerts/cpuapr2022.html |
| git.openssl.org Git - openssl.git/commitdiff | git.openssl.org text/xml |
CONFIRM git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ccb0a11145ee72b042d10593a64eaf9e8a55ec12 |
| OpenSSL: Multiple Vulnerabilities (GLSA 202210-02) — Gentoo security | security.gentoo.org text/html |
GENTOO GLSA-202210-02 |
| [R1] Nessus Network Monitor 6.0.0 Fixes Multiple Third-party Vulnerabilities - Security Advisory | Tenable® | www.tenable.com text/html |
CONFIRM www.tenable.com/security/tns-2022-02 |
| Security Bulletin - ePolicy Orchestrator update addresses two product vulnerabilities (CVE-2021-31834 and CVE-2021-31835) and updates Java, OpenSSL, and Tomcat | kc.mcafee.com text/html |
CONFIRM kc.mcafee.com/corporate/index?page=content&id=SB10366 |
| Oracle Critical Patch Update Advisory - October 2021 | www.oracle.com text/html |
MISC www.oracle.com/security-alerts/cpuoct2021.html |
| Oracle Critical Patch Update Advisory - January 2022 | www.oracle.com text/html |
MISC www.oracle.com/security-alerts/cpujan2022.html |
| www.openssl.org text/plain |
CONFIRM www.openssl.org/news/secadv/20210824.txt | |
| IBM Spectrum Protect: Multiple Vulnerabilities (GLSA 202209-02) — Gentoo security | security.gentoo.org text/html |
GENTOO GLSA-202209-02 |
| oss-security - OpenSSL SM2 Decryption Buffer Overflow (CVE-2021-3711), Read buffer overruns processing ASN.1 strings (CVE-2021-3712) | www.openwall.com text/html |
MLIST [oss-security] 20210825 OpenSSL SM2 Decryption Buffer Overflow (CVE-2021-3711), Read buffer overruns processing ASN.1 strings (CVE-2021-3712) |
| Pony Mail! | lists.apache.org text/html |
MLIST [tomcat-dev] 20210826 Re: OpenSSL security announcement - do we need a Tomcat Native release? |
| cert-portal.siemens.com application/pdf |
CONFIRM cert-portal.siemens.com/productcert/pdf/ssa-244969.pdf | |
| cert-portal.siemens.com application/pdf |
CONFIRM cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf | |
| [SECURITY] [DLA 2766-1] openssl security update | lists.debian.org text/html |
MLIST [debian-lts-announce] 20210926 [SECURITY] [DLA 2766-1] openssl security update |
Related QID Numbers
- 159574 Oracle Enterprise Linux Security Update for openssl (ELSA-2021-5226)
- 159581 Oracle Enterprise Linux Security Update for openssl (ELSA-2021-9632)
- 159589 Oracle Enterprise Linux Security Update for openssl (ELSA-2022-0064)
- 159615 Oracle Enterprise Linux Security Update for openssl (ELSA-2022-9017)
- 159616 Oracle Enterprise Linux Security Update for openssl (ELSA-2022-9023)
- 178774 Debian Security Update for Open Secure Sockets Layer (OpenSSL) (DSA 4963-1)
- 178810 Debian Security Update for Open Secure Sockets Layer (OpenSSL) (DLA 2766-1)
- 178853 Debian Security Update for Open Secure Sockets Layer1.0 (OpenSSLl1.0) (DLA 2774-1)
- 182376 Debian Security Update for Open Secure Sockets Layer (OpenSSL) (CVE-2021-3712)
- 198469 Ubuntu Security Notification for Open Secure Sockets Layer (OpenSSL) Vulnerabilities (USN-5051-1)
- 198473 Ubuntu Security Notification for Open Secure Sockets Layer (OpenSSL) Vulnerability (USN-5051-3)
- 198517 Ubuntu Security Notification for EDK II Vulnerabilities (USN-5088-1)
- 239865 Red Hat Update for red hat jboss core services apache Hypertext Transfer Protocol (HTTP) server 2.4.37 sp10 (RHSA-2021:4614)
- 239977 Red Hat Update for Open Secure Sockets Layer (OpenSSL) (RHSA-2021:5226)
- 239990 Red Hat Update for Open Secure Sockets Layer (OpenSSL) (RHSA-2022:0064)
- 330091 IBM Advanced Interactive eXecutive (AIX) Open Secure Sockets Layer (OpenSSL) Out-Of-Bounds Vulnerability (openssl_advisory34)
- 352846 Amazon Linux Security Advisory for Open Secure Sockets Layer (OpenSSL): ALAS-2021-1541
- 352853 Amazon Linux Security Advisory for Open Secure Sockets Layer (OpenSSL)11: ALAS2-2021-1714
- 352867 Amazon Linux Security Advisory for Open Secure Sockets Layer (OpenSSL): ALAS2-2021-1721
- 353093 Amazon Linux Security Advisory for Open Secure Sockets Layer (OpenSSL) : AL2012-2021-354
- 375956 F5 BIG-IP Application Security Manager (ASM), Local Traffic Manager (LTM), Access Policy Manager (APM) Open Secure Sockets Layer (OpenSSL) Vulnerability (K19559038)
- 375971 Nmap Buffer Overrun Vulnerability
- 376103 Open Secure Sockets Layer (OpenSSL) Security Update
- 376202 Reuse
- 376204 Mysql Workbench Critical Patch Update Oct 2021
- 376257 Oracle PeopleSoft Enterprise PeopleTools Product Multiple Vulnerabilities (CPUJAN2022)
- 376363 Oracle MYSQL Connector/ODBC Critical Patch Update (CPU) January 2022 (CPUJAN2022)
- 377105 Alibaba Cloud Linux Security Update for Open Secure Sockets Layer (OpenSSL) (ALINUX3-SA-2022:0025)
- 377435 Alibaba Cloud Linux Security Update for Open Secure Sockets Layer (OpenSSL) (ALINUX2-SA-2022:0002)
- 43988 Hewlett Packard Enterprise (HPE) ArubaOS Multiple Vulnerabilities (ARUBA-PSA-2023-002)
- 500499 Alpine Linux Security Update for Open Secure Sockets Layer (OpenSSL)
- 500567 Alpine Linux Security Update for Open Secure Sockets Layer (OpenSSL)
- 500766 Alpine Linux Security Update for openssl
- 501166 Alpine Linux Security Update for openssl
- 501985 Alpine Linux Security Update for Open Secure Sockets Layer3 (OpenSSL3)
- 502904 Alpine Linux Security Update for openssl1.1-compat
- 591054 Mitsubishi Electric MELSOFT GT OPC UA, GT SoftGOT2000 Multiple Vulnerabilities (ICSA-22-130-06)
- 591311 Bosch Rexroth PRA-ES8P2S Ethernet-Switch Multiple Vulnerabilities (BOSCH-SA-247053-BT)
- 670831 EulerOS Security Update for Open Secure Sockets Layer (OpenSSL) (EulerOS-SA-2021-2717)
- 670959 EulerOS Security Update for Open Secure Sockets Layer098e (OpenSSL098e) (EulerOS-SA-2021-2667)
- 670972 EulerOS Security Update for Compat-Open Secure Sockets Layer (compat-OpenSSL) (EulerOS-SA-2021-2625)
- 670993 EulerOS Security Update for Open Secure Sockets Layer111d (OpenSSL111d) (EulerOS-SA-2021-2668)
- 671015 EulerOS Security Update for Open Secure Sockets Layer (OpenSSL) (EulerOS-SA-2021-2692)
- 671019 EulerOS Security Update for Open Secure Sockets Layer (OpenSSL) (EulerOS-SA-2021-2639)
- 671031 EulerOS Security Update for Open Secure Sockets Layer (OpenSSL) (EulerOS-SA-2021-2666)
- 671176 EulerOS Security Update for shim (EulerOS-SA-2021-2927)
- 671177 EulerOS Security Update for shim (EulerOS-SA-2021-2920)
- 671245 EulerOS Security Update for Open Secure Sockets Layer098e (OpenSSL098e) (EulerOS-SA-2022-1180)
- 671248 EulerOS Security Update for Open Secure Sockets Layer (OpenSSL) (EulerOS-SA-2022-1181)
- 690055 Free Berkeley Software Distribution (FreeBSD) Security Update for Open Secure Sockets Layer (OpenSSL) (96811d4a-04ec-11ec-9b84-d4c9ef517024)
- 690780 Free Berkeley Software Distribution (FreeBSD) Security Update for mysql (7262f826-795e-11ec-8be6-d4c9ef517024)
- 710616 Gentoo Linux IBM Spectrum Protect Multiple Vulnerabilities (GLSA 202209-02)
- 710638 Gentoo Linux Open Secure Sockets Layer (OpenSSL) Multiple Vulnerabilities (GLSA 202210-02)
- 730206 McAfee Web Gateway Multiple Vulnerabilities (WP-3792, WP-4003, WP-4021, WP-4058, WP-4067)
- 730377 Dell EMC Precision Rack Security Update for Multiple iDRAC Vulnerabilities (DSA-2021-259) -iDRAC 8,9
- 751027 SUSE Enterprise Linux Security Update for Open Secure Sockets Layer (OpenSSL) (SUSE-SU-2021:2831-1)
- 751028 SUSE Enterprise Linux Security Update for Open Secure Sockets Layer (OpenSSL) (SUSE-SU-2021:2829-1)
- 751029 SUSE Enterprise Linux Security Update for Open Secure Sockets Layer (OpenSSL) (SUSE-SU-2021:2826-1)
- 751030 SUSE Enterprise Linux Security Update for Open Secure Sockets Layer (OpenSSL) (SUSE-SU-2021:2827-1)
- 751031 SUSE Enterprise Linux Security Update for Open Secure Sockets Layer (OpenSSL) (SUSE-SU-2021:2833-1)
- 751032 SUSE Enterprise Linux Security Update for Open Secure Sockets Layer (OpenSSL) (SUSE-SU-2021:2825-1)
- 751034 OpenSUSE Security Update for openssl-1_0_0 (openSUSE-SU-2021:2827-1)
- 751035 OpenSUSE Security Update for openssl-1_1 (openSUSE-SU-2021:2830-1)
- 751049 OpenSUSE Security Update for Open Secure Sockets Layer (OpenSSL) (openSUSE-SU-2021:1189-1)
- 751050 OpenSUSE Security Update for Open Secure Sockets Layer (OpenSSL) (openSUSE-SU-2021:1188-1)
- 751059 SUSE Enterprise Linux Security Update for compat- Open Secure Sockets Layer (openssl098) (SUSE-SU-2021:2852-1)
- 751106 SUSE Enterprise Linux Security Update for Open Secure Sockets Layer-1_1 ( openssl-1_1) (SUSE-SU-2021:2967-1)
- 751108 SUSE Enterprise Linux Security Update for Open Secure Sockets Layer-1_1 (openssl-1_1) (SUSE-SU-2021:2968-1)
- 751116 OpenSUSE Security Update for Open Secure Sockets Layer-1_1 (openssl-1_1) (openSUSE-SU-2021:2966-1)
- 751118 SUSE Enterprise Linux Security Update for Open Secure Sockets Layer-1_1 (OpenSSL-1_1) (SUSE-SU-2021:2996-1)
- 751119 SUSE Enterprise Linux Security Update for Open Secure Sockets Layer-1_0_0 (OpenSSL-1_0_0) (SUSE-SU-2021:2994-1)
- 751122 SUSE Enterprise Linux Security Update for Open Secure Sockets Layer-1_0_0 (SUSE-SU-2021:2995-1)
- 751123 OpenSUSE Security Update for Open Secure Sockets Layer-1_1 (OpenSSL-1_1) (openSUSE-SU-2021:1248-1)
- 751125 OpenSUSE Security Update for Open Secure Sockets Layer-1_0_0 (OpenSSL-1_0_0) (openSUSE-SU-2021:2994-1)
- 751128 SUSE Enterprise Linux Security Update for compat-Open Secure Sockets Layer098 (OpenSSL098) (SUSE-SU-2021:3019-1)
- 751129 OpenSUSE Security Update for Open Secure Sockets Layer-1_0_0 (OpenSSL-1_0_0) (openSUSE-SU-2021:1261-1)
- 751152 SUSE Enterprise Linux Security Update for Open Secure Sockets Layer (OpenSSL) (SUSE-SU-2021:3144-1)
- 900406 Common Base Linux Mariner (CBL-Mariner) Security Update for Open Secure Sockets Layer (OpenSSL) (6006)
- 901882 Common Base Linux Mariner (CBL-Mariner) Security Update for Open Secure Sockets Layer (OpenSSL) (6780-1)
- 940266 AlmaLinux Security Update for Open Secure Sockets Layer (OpenSSL) (ALSA-2021:5226)
- 960090 Rocky Linux Security Update for Open Secure Sockets Layer (OpenSSL) (RLSA-2021:5226)
Exploit/POC from Github
ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding t…
Known Affected Configurations (CPE V2.3)
- cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*:
- cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*:
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*:
- cpe:2.3:a:mcafee:epolicy_orchestrator:*:*:*:*:*:*:*:*:
- cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:-:*:*:*:*:*:*:
- cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_1:*:*:*:*:*:*:
- cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_10:*:*:*:*:*:*:
- cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_2:*:*:*:*:*:*:
- cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_3:*:*:*:*:*:*:
- cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_4:*:*:*:*:*:*:
- cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_5:*:*:*:*:*:*:
- cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_6:*:*:*:*:*:*:
- cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_7:*:*:*:*:*:*:
- cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_8:*:*:*:*:*:*:
- cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_9:*:*:*:*:*:*:
- cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*:
- cpe:2.3:a:netapp:clustered_data_ontap_antivirus_connector:-:*:*:*:*:*:*:*:
- cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*:
- cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*:
- cpe:2.3:a:netapp:manageability_software_development_kit:-:*:*:*:*:*:*:*:
- cpe:2.3:a:netapp:santricity_smi-s_provider:-:*:*:*:*:*:*:*:
- cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*:
- cpe:2.3:a:netapp:storage_encryption:-:*:*:*:*:*:*:*:
- cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*:
- cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0:*:*:*:*:*:*:*:
- cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.7.0:*:*:*:*:*:*:*:
- cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.15.0:*:*:*:*:*:*:*:
- cpe:2.3:a:oracle:communications_session_border_controller:8.4:*:*:*:*:*:*:*:
- cpe:2.3:a:oracle:communications_session_border_controller:9.0:*:*:*:*:*:*:*:
- cpe:2.3:a:oracle:communications_unified_session_manager:8.2.5:*:*:*:*:*:*:*:
- cpe:2.3:a:oracle:communications_unified_session_manager:8.4.5:*:*:*:*:*:*:*:
- cpe:2.3:a:oracle:enterprise_communications_broker:3.2.0:*:*:*:*:*:*:*:
- cpe:2.3:a:oracle:enterprise_communications_broker:3.3.0:*:*:*:*:*:*:*:
- cpe:2.3:a:oracle:enterprise_session_border_controller:8.4:*:*:*:*:*:*:*:
- cpe:2.3:a:oracle:enterprise_session_border_controller:9.0:*:*:*:*:*:*:*:
- cpe:2.3:a:oracle:essbase:*:*:*:*:*:*:*:*:
- cpe:2.3:a:oracle:essbase:21.3:*:*:*:*:*:*:*:
- cpe:2.3:a:oracle:health_sciences_inform_publisher:6.2.1.0:*:*:*:*:*:*:*:
- cpe:2.3:a:oracle:health_sciences_inform_publisher:6.3.1.1:*:*:*:*:*:*:*:
- cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*:
- cpe:2.3:a:oracle:jd_edwards_world_security:a9.4:*:*:*:*:*:*:*:
- cpe:2.3:a:oracle:mysql_connectors:*:*:*:*:*:*:*:*:
- cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*:
- cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*:
- cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*:
- cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:*:
- cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*:
- cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*:
- cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*:
- cpe:2.3:a:oracle:secure_backup:18.1.0.1.0:*:*:*:*:*:*:*:
- cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*:
- cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*:
- cpe:2.3:a:tenable:nessus_network_monitor:*:*:*:*:*:*:*:*:
- cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:*:
Discovery Credit
Ingo Schwarze
Social Mentions
| Source | Title | Posted (UTC) |
|---|---|---|
 @jschauma |
OpenSSL 1.1.1l just landed, fixing CVE-2021-3712 (ASN.1 printing of non-Null terminated string) and • CVE-2021-3711… twitter.com/i/web/status/1… | 2021-08-24 14:17:19 |
| @w4yh |
SM2 Decryption Buffer Overflow (CVE-2021-3711): High Read buffer overruns processing ASN.1 strings (CVE-2021-3712):… twitter.com/i/web/status/1… | 2021-08-24 14:23:53 |
| @ttdoda |
ざっと眺めた感じだとCVE-2021-3711, CVE-2021-3712共にTera Term (ttssh)には影響しないな。 | 2021-08-24 14:25:45 |
| @CVEreport |
CVE-2021-3712 : ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains… twitter.com/i/web/status/1… | 2021-08-24 14:56:39 |
| @LinInfoSec |
Openssl - CVE-2021-3712: openssl.org/news/secadv/20… | 2021-08-24 16:25:59 |
| @m_masaru |
CVE-2021-3712 についてはlibresslは今コミットした感じか。そもそも見つかったのが17th August 2021らしいし twitter.com/OpenBSD_src/st… | 2021-08-24 16:27:55 |
| @tux_care |
New OpenSSL vulnerabilities, including a High severity one. CVE-2021-3711 and CVE-2021-3712. Find out the details i… twitter.com/i/web/status/1… | 2021-08-24 16:29:50 |
| @cryptostorm_is |
Upgraded everything to OpenSSL 1.1.1l, which addresses CVE-2021-3711 and CVE-2021-3712 - openssl.org/news/changelog… | 2021-08-24 16:49:18 |
| @benj_fry |
@BRIAN_____ Are you referring to this ? | 2021-08-24 16:51:46 |
| @omokazuki |
SIOSセキュリティブログを更新しました。 OpenSSLの脆弱性情報(High: CVE-2021-3711, Moderate: CVE-2021-3712 ) #sios_tech #security… twitter.com/i/web/status/1… | 2021-08-24 20:50:20 |
| @motok2501 |
FreeBSD-SA-21:16.openssl 上流のCVE-2021-3711,CVE-2021-3712対策を取り込んだ。3711はSM2デスクリプションで平文用バッファ長計算を誤っていてbuffer overflow可能性… twitter.com/i/web/status/1… | 2021-08-24 23:36:19 |
| @MOFU_M0FU |
サマンサモスモス… あ、違っ、SM2の暗号データを復号化する際にバッファオーバーフローの脆弱性があるとかないとか。 OpenSSLの脆弱性(CVE-2021-3711)をチェック!CVE-2021-3712もね。 | 2021-08-25 00:35:27 |
| @softek_jp |
OpenSSL の ASN.1 文字列の処理に情報漏洩およびサービス妨害の問題 (CVE-2021-3712) [39785] sid.softek.jp/content/show/3… #SIDfm #脆弱性情報 | 2021-08-25 02:12:45 |
| @itsec_jp |
統合版 JPCERT/CC | 注意喚起: OpenSSLの脆弱性(CVE-2021-3711、CVE-2021-3712)に関する注意喚起 (公開) ift.tt/3891TnJ #itsec_jp | 2021-08-25 05:55:55 |
| @sec_trend |
注意喚起: OpenSSLの脆弱性(CVE-2021-3711、CVE-2021-3712)に関する注意喚起 (公開) izumino.jp/Security/sec_t… jpcert.or.jp/at/2021/at2100… | 2021-08-25 06:00:28 |
| @cyberdian_cert |
Security Alert: Alert Regarding Vulnerabilities (CVE-2021-3711, CVE-2021-3712) in OpenSSL bit.ly/38aLOh5… twitter.com/i/web/status/1… | 2021-08-25 06:00:57 |
| @kyokoi1979 |
OpenSSLの脆弱性(CVE-2021-3711、CVE-2021-3712)に関する注意喚起 jpcert.or.jp/at/2021/at2100… | 2021-08-25 06:02:40 |
| @jpcert |
OpenSSLの脆弱性(CVE-2021-3711、CVE-2021-3712)に関する注意喚起を公開。OpenSSL Projectの情報を確認し、十分なテストを実施の上、修正済みのバージョンを適用してください。^YK jpcert.or.jp/at/2021/at2100… | 2021-08-25 06:04:08 |
| @oha000 |
OpenSSLの脆弱性(CVE-2021-3711、CVE-2021-3712)に関する注意喚起 jpcert.or.jp/at/2021/at2100… @jpcert | 2021-08-25 06:08:04 |
| @securenews_web |
注意喚起: OpenSSLの脆弱性(CVE-2021-3711、CVE-2021-3712)に関する注意喚起 (公開) - JPCERT/CC注意喚起 [securenews.appsight.net/entries/13283] jpcert.or.jp/at/2021/at2100… | 2021-08-25 06:12:08 |
| @jpcert_en |
New Security Alert Regarding Vulnerabilities (CVE-2021-3711, CVE-2021-3712) in OpenSSL ^TN jpcert.or.jp/english/at/202… | 2021-08-25 06:13:57 |
| @taku888infinity |
OpenSSLの脆弱性(CVE-2021-3711、CVE-2021-3712)に関する注意喚起 jpcert.or.jp/m/at/2021/at21… @jpcert | 2021-08-25 06:15:51 |
| @ohhara_shiojiri |
OpenSSLの脆弱性(CVE-2021-3711、CVE-2021-3712)に関する注意喚起 jpcert.or.jp/at/2021/at2100… | 2021-08-25 06:28:56 |
| @OrangeMorishita |
【自分用メモ】OpenSSLの脆弱性(CVE-2021-3711、CVE-2021-3712)に関する注意喚起 jpcert.or.jp/at/2021/at2100… | 2021-08-25 06:31:21 |
| @TokyoSec |
注意喚起: OpenSSLの脆弱性(CVE-2021-3711、CVE-2021-3712)に関する注意喚起 (公開) dlvr.it/S6GwQB https://t.co/iHa5VPPi38 | 2021-08-25 07:02:04 |
| @threatmeter |
CVE-2021-3712 ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a… twitter.com/i/web/status/1… | 2021-08-25 07:09:52 |
| @buccimoni |
OpenSSLの脆弱性(CVE-2021-3711、CVE-2021-3712)に関する注意喚起 jpcert.or.jp/at/2021/at2100… | 2021-08-25 07:29:43 |
| @elf_deedlit |
OpenSSLの脆弱性(CVE-2021-3711、CVE-2021-3712)に関する注意喚起 jpcert.or.jp/at/2021/at2100… @jpcert OpenSSLの脆弱性か~週末辺りに降りてくるかな? | 2021-08-25 08:09:11 |
| @elf_deedlit |
@jpcert Ubuntuはこれか ubuntu.com/security/CVE-2… | 2021-08-25 08:09:38 |
| @hayaok3 |
OpenSSLの脆弱性(CVE-2021-3711、CVE-2021-3712)に関する注意喚起 jpcert.or.jp/at/2021/at2100… | 2021-08-25 08:33:23 |
| @SecurityOsaka |
OpenSSLの脆弱性(CVE-2021-3711、CVE-2021-3712)に関する注意喚起 JPCERT-AT-2021-0036 JPCERT/CC 2021-08-25 jpcert.or.jp/at/2021/at2100… | 2021-08-25 08:35:37 |
| @saitolab_org |
OpenSSLの脆弱性(CVE-2021-3711、CVE-2021-3712)に関する注意喚起 jpcert.or.jp/at/2021/at2100… @jpcert | 2021-08-25 08:37:24 |
| @futurevuls |
(CVE-2021-3712)read buffer overrunは規定よりも多くのメモリ領域のデータを読込む脆弱性です。 これによりメモリ上の機微な情報(秘密鍵や機密性の高い平文など)を読み取られる可能性があります。また、サー… twitter.com/i/web/status/1… | 2021-08-25 08:47:28 |
| @futurevuls |
ref: openssl.org/news/secadv/20… jpcert.or.jp/at/2021/at2100… access.redhat.com/security/cve/c… access.redhat.com/security/cve/c…… twitter.com/i/web/status/1… | 2021-08-25 08:47:29 |
| @shobu_umemura |
OpenSSL脆弱性公開、早っ。自前ビルドのnginxは即日対応できるけど…。 CVE-2021-3711 はRedHat7/8系で影響なし CVE-2021-3712 はRedHat7/8系で影響あり パッケージはもうすぐって感… twitter.com/i/web/status/1… | 2021-08-25 09:05:43 |
| @blackVELU |
OpenSSLの脆弱性(CVE-2021-3711、CVE-2021-3712)に関する注意喚起 jpcert.or.jp/at/2021/at2100… @jpcert これ | 2021-08-25 10:43:12 |
| @nilab |
「2021年8月24日(現地時間)、OpenSSL ProjectからOpenSSLの脆弱性(CVE-2021-3711、CVE-2021-3712)に関する情報が公開されました」 OpenSSLの脆弱性(CVE-2021-37… twitter.com/i/web/status/1… | 2021-08-25 10:44:38 |
| @hmori |
OpenSSLの脆弱性(CVE-2021-3711、CVE-2021-3712)古いOpenSSHを使って居るような状態でも影響するのかなあ | 2021-08-25 12:37:04 |
| @ttdoda |
でCVE-2021-3712ですが openssl.org/news/vulnerabi… での説明のとおりならばアプリケーションがOpenSSLの関数を使わずに自前でANS.1データを構築し、それをOpenSSLの関数で扱おうとした時の… twitter.com/i/web/status/1… | 2021-08-25 16:19:09 |
| @AoiKagase |
OpenSSLの脆弱性(CVE-2021-3711、CVE-2021-3712)に関する注意喚起 - jpcert.or.jp/at/2021/at2100… | 2021-08-25 17:47:57 |
| @magiauk |
OpenSSLの脆弱性(CVE-2021-3711、CVE-2021-3712)に関する注意喚起 ift.tt/3891TnJ | 2021-08-25 21:51:59 |
| @JimbaKazuya |
OpenSSL 1.1.1l (読みにくいけど L ) 以降を使えとか。 【バージョン確認コマンド】 $ openssl version OpenSSLの脆弱性(CVE-2021-3711、CVE-2021-3712)に関する… twitter.com/i/web/status/1… | 2021-08-25 22:34:12 |
| @orenoshio |
はてなブックマーク - OpenSSLの脆弱性(CVE-2021-3711、CVE-2021-3712)に関する注意喚起 b.hatena.ne.jp/entry/s/www.jp… | 2021-08-25 23:06:35 |
| @kwdnet |
“OpenSSLの脆弱性(CVE-2021-3711、CVE-2021-3712)に関する注意喚起” htn.to/BFWmwnuvyL | 2021-08-25 23:09:05 |
| @nichii_a |
OpenSSLの脆弱性(CVE-2021-3711、CVE-2021-3712)に関する注意喚起 dlvr.it/S6Khph https://t.co/ww9rYBIZYU | 2021-08-25 23:11:33 |
| @misakiayana777 |
注意喚起: OpenSSLの脆弱性(CVE-2021-3711、CVE-2021-3712)に関する注意喚起 (公開) dlvr.it/S6Km4M | 2021-08-25 23:44:04 |
| @minamijoyo |
“OpenSSLの脆弱性(CVE-2021-3711、CVE-2021-3712)に関する注意喚起” htn.to/3nydNMuxrn | 2021-08-26 00:01:29 |
| @shiroemons |
OpenSSLの脆弱性(CVE-2021-3711、CVE-2021-3712)に関する注意喚起 jpcert.or.jp/at/2021/at2100… | 2021-08-26 01:52:01 |
| @__gfx__ |
“OpenSSLの脆弱性(CVE-2021-3711、CVE-2021-3712)に関する注意喚起” htn.to/3EnbjwdH8M | 2021-08-26 02:34:57 |
| @astel4696 |
OpenSSLの脆弱性(CVE-2021-3711、CVE-2021-3712)に関する注意喚起 jpcert.or.jp/at/2021/at2100… @jpcert | 2021-08-26 02:51:56 |
| @management_sun |
IT Risk:OpenSSL Project. Multiple vulnerabilities in OpenSSL CVE-2021-3711=Severity: High CVE-2021-3712… twitter.com/i/web/status/1… | 2021-08-26 06:05:03 |
| @labunix |
“OpenSSLの脆弱性(CVE-2021-3711、CVE-2021-3712)に関する注意喚起” htn.to/29Ry3q2c65 | 2021-08-26 06:26:36 |
| @mitsuto_ |
OpenSSLの脆弱性(CVE-2021-3711、CVE-2021-3712)に関する注意喚起 jpcert.or.jp/at/2021/at2100… @jpcert | 2021-08-26 14:12:42 |
| @hogec4 |
OpenSSLの脆弱性(CVE-2021-3711、CVE-2021-3712)に関する注意喚起 jpcert.or.jp/m/at/2021/at21… @jpcert | 2021-08-27 00:45:57 |
| @M157q_News_RSS |
群暉科技:OpenSSL漏洞波及該公司多項產品 ithome.com.tw/news/146428 開源的安全通訊軟體函式庫OpenSSL在24日修補了CVE-2021-3711與CVE-2021-3712兩個安全漏洞,臺灣網路附加儲… twitter.com/i/web/status/1… | 2021-08-27 09:16:04 |
| @adminahead |
The list of devices affected by the security flaws tracked as CVE-2021-3711 and CVE-2021-3712 includes DSM 7.0, DSM… twitter.com/i/web/status/1… | 2021-08-27 10:37:43 |
| @alpinelinux |
#alpinelinux 3.14.2 released with openssl fixes for CVE-2021-3711 and CVE-2021-3712 alpinelinux.org/posts/Alpine-3… | 2021-08-27 12:59:30 |
| @ipssignatures |
I know no IPS that has a protection/signature/rule for the vulnerability CVE-2021-3712. The vuln was published 3 da… twitter.com/i/web/status/1… | 2021-08-27 17:04:01 |
| @ipssignatures |
The vuln CVE-2021-3712 has a tweet created 0 days ago and retweeted 7 times. twitter.com/alpinelinux/st… #Spgciiageiopdo | 2021-08-27 17:04:01 |
| @BrideOfLinux |
"This release includes fixes for openssl CVE-2021-3711 and CVE-2021-3712": Alpine 3.14.2 released | Alpine Linux buff.ly/3gGzCt7 | 2021-08-28 14:30:13 |
| @PSantavy |
Synology - multiple OpenSSL vulnerabilities synology.com/cs-cz/security… #CVE-2021-3711, CVE-2021-3712 #Synology… twitter.com/i/web/status/1… | 2021-08-29 21:20:02 |
| @eva_library |
SMAIL 4.30 バージョンアップ致しました。 1.openSSL 1.1.1lにライブラリをバージョンアップ 脆弱性対応:CVE-2021-3711、CVE-2021-3712 2.In-Reply-T… twitter.com/i/web/status/1… | 2021-08-30 04:23:19 |
| @sen_u |
最近公開されたOpenSSLの脆弱性(CVE-2021-3711、CVE-2021-3712)ですが、構築したLinuxサーバーだけじゃなくルーターやVPNサーバーなどに載ってるものも対象なのでIoT機器とかのパッチ情報とかも見て… twitter.com/i/web/status/1… | 2021-08-30 05:05:54 |
| @ipssignatures |
The vuln CVE-2021-3712 has a tweet created 2 days ago and retweeted 10 times. twitter.com/alpinelinux/st… #pow1rtrtwwcve | 2021-08-30 07:06:00 |
| @nae2sho |
SMAIL v 4.30にバージョンアップしました。 ・openSSL 1.1.1lにライブラリをバージョンアップ(脆弱性対応:CVE-2021-3711、CVE-2021-3712) ・In-Reply-To,Referenc… twitter.com/i/web/status/1… | 2021-08-30 08:40:57 |
| @alpinelinux |
#alpinelinux stable releases 3.11.12, 3.12.8 and 3.13.6 are out to fix openssl CVE-2021-3711 and CVE-2021-3712. alpinelinux.org/posts/Alpine-3… | 2021-08-31 20:43:22 |
| @NA6CE_jp |
リリースノート ・オープンSSLパッチ 潜在的な脆弱性を修正: CVE-2021-3711 と CVE-2021-3712。 ・Netatalkが更新され、AFP 脆弱性の問題が修正されました: CVE-2021-31439。 ・App Central のバグを修正。 | 2021-09-01 07:30:00 |
| @andreasdotorg |
Golly, have you seen the time? Seems it's OpenSSL update time already again! CVE-2021-3712 | 2021-09-01 07:38:57 |
| @GrupoICA_Ciber |
?DEBIAN? Múltiples vulnerabilidades de severidad alta en productos DEBIAN: CVE-2021-22924,CVE-2021-3712,CVE-2021-… twitter.com/i/web/status/1… | 2021-09-01 07:57:43 |
| @GrupoICA_Ciber |
?NETAPP? Múltiples vulnerabilidades de severidad alta en productos NETAPP: CVE-2021-3712,CVE-2021-3711 Más info… twitter.com/i/web/status/1… | 2021-09-01 08:05:44 |
| @banym |
@FiLiS CVE-2021-3712 | 2021-09-01 09:25:40 |
| @twelvesec |
#QNAP is working on #patches for the #OpenSSL flaws (CVE-2021-3711 & CVE-2021-3712) affecting its #NAS devices.… twitter.com/i/web/status/1… | 2021-09-01 15:46:03 |
| @ipssignatures |
The vuln CVE-2021-3712 has a tweet created 0 days ago and retweeted 10 times. twitter.com/alpinelinux/st… #pow1rtrtwwcve | 2021-09-01 17:06:00 |
| @ipssignatures |
The vuln CVE-2021-3712 has a tweet created 7 days ago and retweeted 10 times. twitter.com/jpcert/status/… #pow1rtrtwwcve | 2021-09-01 23:06:01 |
| @rich_outlaw |
Taiwan vendor Synology announced that recently disclosed vulnerabilities (CVE-2021-3711 and CVE-2021-3712) in the O… twitter.com/i/web/status/1… | 2021-09-02 00:58:53 |
| @argevise |
Vulnérabilités #OpenSSL CVE-2021-3711, CVE-2021-3712, Via @francoisquiquet linkedin.com/posts/francois… | 2021-09-03 20:53:15 |
| @non_it_info |
OpenSSLの脆弱性(CVE-2021-3711、CVE-2021-3712)に関する注意喚起 jpcert.or.jp/at/2021/at2100… @jpcert | 2021-09-06 23:25:14 |
| @gcpweekly |
Fixes: The following container image security vulnerabilities have been fixed: - CVE-2021-3711 - CVE-2021-3712 - CV… twitter.com/i/web/status/1… | 2021-09-21 22:30:23 |
| @GrupoICA_Ciber |
?DEBIAN? Múltiples vulnerabilidades de severidad alta en productos DEBIAN: CVE-2021-3712,CVE-2021-3711 Más info… twitter.com/i/web/status/1… | 2021-09-23 07:58:17 |
| @GrupoICA_Ciber |
?NETAPP? Múltiples vulnerabilidades de severidad alta en productos NETAPP: CVE-2021-3712,CVE-2021-3711 Más info… twitter.com/i/web/status/1… | 2021-09-23 08:05:31 |
| @CswWorks |
#Synology, reported RCE & DoS OpenSSL vulnerabilities. Tracked as CVE-2021-3711 & CVE-2021-3712, allow attackers t… twitter.com/i/web/status/1… | 2021-09-30 11:30:47 |
| @wolfSSL |
wolfSSL not affected by CVE-2021-3711, nor CVE-2021-3712 dlvr.it/S8wQXD | 2021-10-05 00:28:32 |
| @gcpweekly |
Fixes: The following container image security vulnerabilities have been fixed: CVE-2021-3712 CVE-2021-22946 CVE-202… twitter.com/i/web/status/1… | 2021-10-19 23:00:20 |
| @GrupoICA_Ciber |
?NETAPP? Múltiples vulnerabilidades de severidad alta en productos NETAPP: CVE-2021-3712,CVE-2021-3711 Más info… twitter.com/i/web/status/1… | 2021-10-21 08:03:54 |
| @gcpweekly |
The following container image security vulnerabilities have been fixed: CVE-2021-3712 CVE-2021-22946 CVE-2021-22947… twitter.com/i/web/status/1… | 2021-10-27 00:30:18 |
| @softek_jp |
F5 Networks BIG-IP の OpenSSL に情報漏洩およびサービス妨害の問題 (CVE-2021-3712) [40370] sid.softek.jp/content/show/4… #SIDfm #脆弱性情報 | 2021-10-29 05:00:51 |
| @management_sun |
IT Risk: Red Hat.Openshift Loggingに複数の脆弱性 -4/6 CVE-2021-3778 CVE-2021-3712 CVE-2021-3580 CVE-2021-3572 CVE-2021-348… twitter.com/i/web/status/1… | 2021-12-15 05:48:40 |
| @management_sun |
IT Risk: Red Hat.Multiple vulnerabilities in Openshift Logging 4/6 CVE-2021-3778 CVE-2021-3712 CVE-2021-3580 CVE-20… twitter.com/i/web/status/1… | 2021-12-15 05:51:03 |
| @Suranfox_Public |
Uhm... @vorwerk_gruppe "CVE-2021-3712, 3711,3450, 3447,23841, 23840, CVE-2020-1971 and CVE-2020-1967 CVE-2019-1551,… twitter.com/i/web/status/1… | 2021-12-18 17:35:46 |
| @LinInfoSec |
Openssl - CVE-2021-3712: openssl.org/news/secadv/20… | 2022-01-06 12:00:48 |
| @management_sun |
IT Risk: Red Hat.OpenShift Enterprise Loggingに複数の脆弱性 -2/2 CVE-2021-42574 CVE-2021-20321 CVE-2021-3712 | 2022-01-11 09:11:23 |
| @management_sun |
IT Risk: Red Hat.Multiple vulnerabilities in OpenShift Enterprise Logging -2/2 CVE-2021-3712 | 2022-01-11 09:12:05 |
| @ottoto2017 |
#CentOS 7.9.2009 の kernel 他のupdateがあった。セキュリティ対応では、kernel でCVE-2021-42739対応、openssl で CVE-2021-3712用patchのupdate が行わ… twitter.com/i/web/status/1… | 2022-01-19 02:20:30 |
 /r/msp |
QNAP OpenSSL Vulnerability - Affects all devices | 2021-09-01 15:40:55 |
| /r/synology |
**Synology DSM Version 7.0.1 Released** | 2021-09-30 21:37:41 |
| /r/asustor |
ADM 4.0.0.RMD2 Release Notes | 2021-10-13 09:40:06 |
| /r/synology |
DSM Version: 7.1.1-42951 (Release Candidate) | 2022-08-10 06:07:14 |
| /r/synology |
Has anyone seen the release notes for the latest DSM 7.1.1 Release Candidate. Fixes a scary amount of CVEs. | 2022-08-16 14:26:29 |
| /r/synology |
DSM 7.1.1-42962 released! | 2022-09-05 11:39:36 |
| /r/k12cybersecurity |
MS-ISAC CYBERSECURITY ADVISORY - Multiple Vulnerabilities in Aruba Products Could Allow for Arbitrary Code Execution - PATCH NOW - TLP: CLEAR | 2023-03-01 15:46:44 |
| /r/googlecloudupdates |
March 21, 2023 GCP release notes | 2023-03-22 01:00:07 |
| /r/googlecloudupdates |
April 19, 2023 GCP release notes | 2023-04-20 01:00:36 |