QID 671019
Date Published: 2021-11-24
QID 671019: EulerOS Security Update for Open Secure Sockets Layer (OpenSSL) (EulerOS-SA-2021-2639)
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.
Security Fix(es):
A flaw was found in openssl. A miscalculation of a buffer size was found in openssl's SM2 decryption function, allowing up to 62 arbitrary bytes to be written outside of the buffer. A remote attacker could use this flaw to crash an application supporting SM2 signature or encryption algorithm, or, possibly, execute arbitrary code with the permissions of the user running that application. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2021-3711)
It was found that openssl assumed ASN.1 strings to be NUL terminated. A malicious actor may be able to force an application into calling openssl function with a specially crafted, non-NUL terminated string to deliberately hit this bug, which may result in a crash of the application, causing a Denial of Service attack, or possibly, memory disclosure. The highest threat from this vulnerability is to data confidentiality and system availability.(CVE-2021-3712)
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
An arbitrary attacker may exploit this vulnerability to compromise the system.
CVEs related to QID 671019
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| EulerOS-SA-2021-2639 | EulerOS V2.0SP8 |
developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2639 |