CVE-2021-3712

Summary

CVE	CVE-2021-3712
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2021-08-24 15:15:00 UTC
Updated	2023-11-07 03:38:00 UTC
Description	ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL's own "d2i" functions (and other similar parsing functions) as well as any string whose value has been set with the ASN1_STRING_set() function will additionally NUL terminate the byte array in the ASN1_STRING structure. However, it is possible for applications to directly construct valid ASN1_STRING structures which do not NUL terminate the byte array by directly setting the "data" and "length" fields in the ASN1_STRING array. This can also happen by using the ASN1_STRING_set0() function. Numerous OpenSSL functions that print ASN.1 data have been found to assume that the ASN1_STRING byte array will be NUL terminated, even though this is not guaranteed for strings that have been directly constructed. Where an application requests an ASN.1 structure to be printed, and where that ASN.1 structure contains ASN1_STRINGs that have been directly constructed by the application without NUL terminating the "data" field, then a read buffer overrun can occur. The same thing can also occur during name constraints processing of certificates (for example if a certificate has been directly constructed by the application instead of loading it via the OpenSSL parsing functions, and the certificate contains non NUL terminated ASN1_STRING structures). It can also occur in the X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions. If a malicious actor can cause an application to directly construct an ASN1_STRING and then process it through one of the affected OpenSSL functions then this issue could be hit. This might result in a crash (causing a Denial of Service attack). It could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext). Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). Fixed in OpenSSL 1.0.2za (Affected 1.0.2-1.0.2y).

Risk And Classification

Problem Types: CWE-125

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Debian	Debian Linux	10.0	All	All	All
Operating System	Debian	Debian Linux	11.0	All	All	All
Operating System	Debian	Debian Linux	9.0	All	All	All
Application	Mcafee	Epolicy Orchestrator	All	All	All	All
Application	Mcafee	Epolicy Orchestrator	5.10.0	-	All	All
Application	Mcafee	Epolicy Orchestrator	5.10.0	update_1	All	All
Application	Mcafee	Epolicy Orchestrator	5.10.0	update_10	All	All
Application	Mcafee	Epolicy Orchestrator	5.10.0	update_2	All	All
Application	Mcafee	Epolicy Orchestrator	5.10.0	update_3	All	All
Application	Mcafee	Epolicy Orchestrator	5.10.0	update_4	All	All
Application	Mcafee	Epolicy Orchestrator	5.10.0	update_5	All	All
Application	Mcafee	Epolicy Orchestrator	5.10.0	update_6	All	All
Application	Mcafee	Epolicy Orchestrator	5.10.0	update_7	All	All
Application	Mcafee	Epolicy Orchestrator	5.10.0	update_8	All	All
Application	Mcafee	Epolicy Orchestrator	5.10.0	update_9	All	All
Application	Netapp	Clustered Data Ontap	-	All	All	All
Application	Netapp	Clustered Data Ontap Antivirus Connector	-	All	All	All
Application	Netapp	E-series Santricity Os Controller	All	All	All	All
Application	Netapp	Hci Management Node	-	All	All	All
Application	Netapp	Manageability Software Development Kit	-	All	All	All
Application	Netapp	Santricity Smi-s Provider	-	All	All	All
Application	Netapp	Solidfire	-	All	All	All
Application	Netapp	Storage Encryption	-	All	All	All
Application	Openssl	Openssl	All	All	All	All
Application	Oracle	Communications Cloud Native Core Console	1.9.0	All	All	All
Application	Oracle	Communications Cloud Native Core Security Edge Protection Proxy	1.7.0	All	All	All
Application	Oracle	Communications Cloud Native Core Unified Data Repository	1.15.0	All	All	All
Application	Oracle	Communications Session Border Controller	8.4	All	All	All
Application	Oracle	Communications Session Border Controller	9.0	All	All	All
Application	Oracle	Communications Unified Session Manager	8.2.5	All	All	All
Application	Oracle	Communications Unified Session Manager	8.4.5	All	All	All
Application	Oracle	Enterprise Communications Broker	3.2.0	All	All	All
Application	Oracle	Enterprise Communications Broker	3.3.0	All	All	All
Application	Oracle	Enterprise Session Border Controller	8.4	All	All	All
Application	Oracle	Enterprise Session Border Controller	9.0	All	All	All
Application	Oracle	Essbase	All	All	All	All
Application	Oracle	Essbase	21.3	All	All	All
Application	Oracle	Health Sciences Inform Publisher	6.2.1.0	All	All	All
Application	Oracle	Health Sciences Inform Publisher	6.3.1.1	All	All	All
Application	Oracle	Jd Edwards Enterpriseone Tools	All	All	All	All
Application	Oracle	Jd Edwards World Security	a9.4	All	All	All
Application	Oracle	Mysql Connectors	All	All	All	All
Application	Oracle	Mysql Enterprise Monitor	All	All	All	All
Application	Oracle	Mysql Server	All	All	All	All
Application	Oracle	Mysql Server	All	All	All	All
Application	Oracle	Mysql Workbench	All	All	All	All
Application	Oracle	Peoplesoft Enterprise Peopletools	8.57	All	All	All
Application	Oracle	Peoplesoft Enterprise Peopletools	8.58	All	All	All
Application	Oracle	Peoplesoft Enterprise Peopletools	8.59	All	All	All
Application	Oracle	Secure Backup	18.1.0.1.0	All	All	All
Application	Oracle	Zfs Storage Appliance Kit	8.8	All	All	All
Application	Siemens	Sinec Infrastructure Network Services	All	All	All	All
Application	Tenable	Nessus Network Monitor	All	All	All	All
Application	Tenable	Tenable.sc	All	All	All	All

References

Reference	Source	Link	Tags
[SECURITY] [DLA 2774-1] openssl1.0 security update	MLIST	lists.debian.org
Debian -- Security Information -- DSA-4963-1 openssl	DEBIAN	www.debian.org
Pony Mail!	MLIST	lists.apache.org
August 2021 OpenSSL Vulnerabilities in NetApp Products \| NetApp Product Security	CONFIRM	security.netapp.com
[R1] Stand-alone Security Patch Available for Tenable.sc versions 5.16.0 to 5.19.1 - Security Advisory \| Tenable®	CONFIRM	www.tenable.com
git.openssl.org Git - openssl.git/commitdiff	CONFIRM	git.openssl.org
Oracle Critical Patch Update Advisory - April 2022	MISC	www.oracle.com
git.openssl.org Git - openssl.git/commitdiff	CONFIRM	git.openssl.org
git.openssl.org Git		git.openssl.org
OpenSSL: Multiple Vulnerabilities (GLSA 202210-02) — Gentoo security	GENTOO	security.gentoo.org
[R1] Nessus Network Monitor 6.0.0 Fixes Multiple Third-party Vulnerabilities - Security Advisory \| Tenable®	CONFIRM	www.tenable.com
Security Bulletin - ePolicy Orchestrator update addresses two product vulnerabilities (CVE-2021-31834 and CVE-2021-31835) and updates Java, OpenSSL, and Tomcat	CONFIRM	kc.mcafee.com
[tomcat-dev] 20210825 OpenSSL security announcement - do we need a Tomcat Native release?		lists.apache.org
Oracle Critical Patch Update Advisory - October 2021	MISC	www.oracle.com
Oracle Critical Patch Update Advisory - January 2022	MISC	www.oracle.com
www.openssl.org/news/secadv/20210824.txt	CONFIRM	www.openssl.org
IBM Spectrum Protect: Multiple Vulnerabilities (GLSA 202209-02) — Gentoo security	GENTOO	security.gentoo.org
oss-security - OpenSSL SM2 Decryption Buffer Overflow (CVE-2021-3711), Read buffer overruns processing ASN.1 strings (CVE-2021-3712)	MLIST	www.openwall.com
Pony Mail!	MLIST	lists.apache.org
cert-portal.siemens.com/productcert/pdf/ssa-244969.pdf	CONFIRM	cert-portal.siemens.com
cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf	CONFIRM	cert-portal.siemens.com
git.openssl.org Git - openssl.git/commitdiff		git.openssl.org
[tomcat-dev] 20210826 Re: OpenSSL security announcement - do we need a Tomcat Native release?		lists.apache.org
[SECURITY] [DLA 2766-1] openssl security update	MLIST	lists.debian.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

Vendor Comments And Credit

Discovery Credit

LEGACY: Ingo Schwarze

Legacy QID Mappings

159574 Oracle Enterprise Linux Security Update for openssl (ELSA-2021-5226)
159581 Oracle Enterprise Linux Security Update for openssl (ELSA-2021-9632)
159589 Oracle Enterprise Linux Security Update for openssl (ELSA-2022-0064)
159615 Oracle Enterprise Linux Security Update for openssl (ELSA-2022-9017)
159616 Oracle Enterprise Linux Security Update for openssl (ELSA-2022-9023)
178774 Debian Security Update for Open Secure Sockets Layer (OpenSSL) (DSA 4963-1)
178810 Debian Security Update for Open Secure Sockets Layer (OpenSSL) (DLA 2766-1)
178853 Debian Security Update for Open Secure Sockets Layer1.0 (OpenSSLl1.0) (DLA 2774-1)
182376 Debian Security Update for Open Secure Sockets Layer (OpenSSL) (CVE-2021-3712)
198469 Ubuntu Security Notification for Open Secure Sockets Layer (OpenSSL) Vulnerabilities (USN-5051-1)
198473 Ubuntu Security Notification for Open Secure Sockets Layer (OpenSSL) Vulnerability (USN-5051-3)
198517 Ubuntu Security Notification for EDK II Vulnerabilities (USN-5088-1)
239865 Red Hat Update for red hat jboss core services apache Hypertext Transfer Protocol (HTTP) server 2.4.37 sp10 (RHSA-2021:4614)
239977 Red Hat Update for Open Secure Sockets Layer (OpenSSL) (RHSA-2021:5226)
239990 Red Hat Update for Open Secure Sockets Layer (OpenSSL) (RHSA-2022:0064)
330091 IBM Advanced Interactive eXecutive (AIX) Open Secure Sockets Layer (OpenSSL) Out-Of-Bounds Vulnerability (openssl_advisory34)
352846 Amazon Linux Security Advisory for Open Secure Sockets Layer (OpenSSL): ALAS-2021-1541
352853 Amazon Linux Security Advisory for Open Secure Sockets Layer (OpenSSL)11: ALAS2-2021-1714
352867 Amazon Linux Security Advisory for Open Secure Sockets Layer (OpenSSL): ALAS2-2021-1721
353093 Amazon Linux Security Advisory for Open Secure Sockets Layer (OpenSSL) : AL2012-2021-354
357333 Amazon Linux Security Advisory for edk2 : ALAS2-2024-2502
375956 F5 BIG-IP Application Security Manager (ASM), Local Traffic Manager (LTM), Access Policy Manager (APM) Open Secure Sockets Layer (OpenSSL) Vulnerability (K19559038)
375971 Nmap Buffer Overrun Vulnerability
376103 Open Secure Sockets Layer (OpenSSL) Security Update
376202 Reuse
376204 Mysql Workbench Critical Patch Update Oct 2021
376257 Oracle PeopleSoft Enterprise PeopleTools Product Multiple Vulnerabilities (CPUJAN2022)
376363 Oracle MYSQL Connector/ODBC Critical Patch Update (CPU) January 2022 (CPUJAN2022)
377105 Alibaba Cloud Linux Security Update for Open Secure Sockets Layer (OpenSSL) (ALINUX3-SA-2022:0025)
377435 Alibaba Cloud Linux Security Update for Open Secure Sockets Layer (OpenSSL) (ALINUX2-SA-2022:0002)
379452 IBM Cognos Analytics Multiple Vulnerabilities (7123154)
43988 Hewlett Packard Enterprise (HPE) ArubaOS Multiple Vulnerabilities (ARUBA-PSA-2023-002)
500499 Alpine Linux Security Update for Open Secure Sockets Layer (OpenSSL)
500567 Alpine Linux Security Update for Open Secure Sockets Layer (OpenSSL)
500766 Alpine Linux Security Update for openssl
501166 Alpine Linux Security Update for openssl
501985 Alpine Linux Security Update for Open Secure Sockets Layer3 (OpenSSL3)
502904 Alpine Linux Security Update for openssl1.1-compat
504258 Alpine Linux Security Update for openssl
505781 Alpine Linux Security Update for openssl1.1-compat
591054 Mitsubishi Electric MELSOFT GT OPC UA, GT SoftGOT2000 Multiple Vulnerabilities (ICSA-22-130-06)
591311 Bosch Rexroth PRA-ES8P2S Ethernet-Switch Multiple Vulnerabilities (BOSCH-SA-247053-BT)
670831 EulerOS Security Update for Open Secure Sockets Layer (OpenSSL) (EulerOS-SA-2021-2717)
670959 EulerOS Security Update for Open Secure Sockets Layer098e (OpenSSL098e) (EulerOS-SA-2021-2667)
670972 EulerOS Security Update for Compat-Open Secure Sockets Layer (compat-OpenSSL) (EulerOS-SA-2021-2625)
670993 EulerOS Security Update for Open Secure Sockets Layer111d (OpenSSL111d) (EulerOS-SA-2021-2668)
671015 EulerOS Security Update for Open Secure Sockets Layer (OpenSSL) (EulerOS-SA-2021-2692)
671019 EulerOS Security Update for Open Secure Sockets Layer (OpenSSL) (EulerOS-SA-2021-2639)
671031 EulerOS Security Update for Open Secure Sockets Layer (OpenSSL) (EulerOS-SA-2021-2666)
671176 EulerOS Security Update for shim (EulerOS-SA-2021-2927)
671177 EulerOS Security Update for shim (EulerOS-SA-2021-2920)
671245 EulerOS Security Update for Open Secure Sockets Layer098e (OpenSSL098e) (EulerOS-SA-2022-1180)
671248 EulerOS Security Update for Open Secure Sockets Layer (OpenSSL) (EulerOS-SA-2022-1181)
690055 Free Berkeley Software Distribution (FreeBSD) Security Update for Open Secure Sockets Layer (OpenSSL) (96811d4a-04ec-11ec-9b84-d4c9ef517024)
690780 Free Berkeley Software Distribution (FreeBSD) Security Update for mysql (7262f826-795e-11ec-8be6-d4c9ef517024)
710616 Gentoo Linux IBM Spectrum Protect Multiple Vulnerabilities (GLSA 202209-02)
710638 Gentoo Linux Open Secure Sockets Layer (OpenSSL) Multiple Vulnerabilities (GLSA 202210-02)
730206 McAfee Web Gateway Multiple Vulnerabilities (WP-3792, WP-4003, WP-4021, WP-4058, WP-4067)
730377 Dell EMC Precision Rack Security Update for Multiple iDRAC Vulnerabilities (DSA-2021-259) -iDRAC 8,9
751027 SUSE Enterprise Linux Security Update for Open Secure Sockets Layer (OpenSSL) (SUSE-SU-2021:2831-1)
751028 SUSE Enterprise Linux Security Update for Open Secure Sockets Layer (OpenSSL) (SUSE-SU-2021:2829-1)
751029 SUSE Enterprise Linux Security Update for Open Secure Sockets Layer (OpenSSL) (SUSE-SU-2021:2826-1)
751030 SUSE Enterprise Linux Security Update for Open Secure Sockets Layer (OpenSSL) (SUSE-SU-2021:2827-1)
751031 SUSE Enterprise Linux Security Update for Open Secure Sockets Layer (OpenSSL) (SUSE-SU-2021:2833-1)
751032 SUSE Enterprise Linux Security Update for Open Secure Sockets Layer (OpenSSL) (SUSE-SU-2021:2825-1)
751034 OpenSUSE Security Update for openssl-1_0_0 (openSUSE-SU-2021:2827-1)
751035 OpenSUSE Security Update for openssl-1_1 (openSUSE-SU-2021:2830-1)
751049 OpenSUSE Security Update for Open Secure Sockets Layer (OpenSSL) (openSUSE-SU-2021:1189-1)
751050 OpenSUSE Security Update for Open Secure Sockets Layer (OpenSSL) (openSUSE-SU-2021:1188-1)
751059 SUSE Enterprise Linux Security Update for compat- Open Secure Sockets Layer (openssl098) (SUSE-SU-2021:2852-1)
751106 SUSE Enterprise Linux Security Update for Open Secure Sockets Layer-1_1 ( openssl-1_1) (SUSE-SU-2021:2967-1)
751108 SUSE Enterprise Linux Security Update for Open Secure Sockets Layer-1_1 (openssl-1_1) (SUSE-SU-2021:2968-1)
751116 OpenSUSE Security Update for Open Secure Sockets Layer-1_1 (openssl-1_1) (openSUSE-SU-2021:2966-1)
751118 SUSE Enterprise Linux Security Update for Open Secure Sockets Layer-1_1 (OpenSSL-1_1) (SUSE-SU-2021:2996-1)
751119 SUSE Enterprise Linux Security Update for Open Secure Sockets Layer-1_0_0 (OpenSSL-1_0_0) (SUSE-SU-2021:2994-1)
751122 SUSE Enterprise Linux Security Update for Open Secure Sockets Layer-1_0_0 (SUSE-SU-2021:2995-1)
751123 OpenSUSE Security Update for Open Secure Sockets Layer-1_1 (OpenSSL-1_1) (openSUSE-SU-2021:1248-1)
751125 OpenSUSE Security Update for Open Secure Sockets Layer-1_0_0 (OpenSSL-1_0_0) (openSUSE-SU-2021:2994-1)
751128 SUSE Enterprise Linux Security Update for compat-Open Secure Sockets Layer098 (OpenSSL098) (SUSE-SU-2021:3019-1)
751129 OpenSUSE Security Update for Open Secure Sockets Layer-1_0_0 (OpenSSL-1_0_0) (openSUSE-SU-2021:1261-1)
751152 SUSE Enterprise Linux Security Update for Open Secure Sockets Layer (OpenSSL) (SUSE-SU-2021:3144-1)
900406 Common Base Linux Mariner (CBL-Mariner) Security Update for Open Secure Sockets Layer (OpenSSL) (6006)
901882 Common Base Linux Mariner (CBL-Mariner) Security Update for Open Secure Sockets Layer (OpenSSL) (6780-1)
940266 AlmaLinux Security Update for Open Secure Sockets Layer (OpenSSL) (ALSA-2021:5226)
960090 Rocky Linux Security Update for Open Secure Sockets Layer (OpenSSL) (RLSA-2021:5226)