A flaw was found in openssl. A miscalculation of a buffer size was found in openssl’s SM2 decryption function, allowing up to 62 arbitrary bytes to be written outside of the buffer. A remote attacker could use this flaw to crash an application supporting SM2 signature or encryption algorithm, or, possibly, execute arbitrary code with the permissions of the user running that application. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

References

bugzilla.redhat.com/show_bug.cgi?id=1995623

nvd.nist.gov/vuln/detail/CVE-2021-3711

www.cve.org/CVERecord?id=CVE-2021-3711

www.openssl.org/news/secadv/20210824.txt

cbl_mariner 2

mscve 1

debiancve 1

f5 1

osv 5

broadcom 2

veracode 1

rustsec 1

nvd 1

cve 1

ibm 27

openssl 1

hackerone 1

ubuntucve 1

prion 1

github 1

alpinelinux 1

nessus 35

openvas 29

cvelist 1

cloudfoundry 1

photon 6

thn 2

debian 2

mageia 2

ubuntu 1

freebsd 2

suse 3

freebsd_advisory 1

altlinux 2

ics 4

threatpost 2

redos 1

kaspersky 1

gentoo 2

qualysblog 1

hivepro 1

redhat 1

oracle 3

avleonov 1

cbl_mariner

CVE-2021-3711 affecting package openssl 1.1.1k-16

2021-09-09 15:02:55

CVE-2021-3711 affecting package openssl for versions less than 1.1.1k-11

2022-04-09 06:51:56

mscve

OpenSSL: CVE-2021-3711 SM2 Decryption Buffer Overflow

2021-11-09 08:00:00

debiancve

CVE-2021-3711

2021-08-24 15:15:09

K40812100 : OpenSSL vulnerability CVE-2021-3711

2021-09-03 00:00:00

osv

SM2 Decryption Buffer Overflow

2022-05-24 19:12:03

CVE-2021-3711

2021-08-24 15:15:09

SM2 Decryption Buffer Overflow

2021-08-24 12:00:00

broadcom

CVE-2021-3711: ASN1_STRING structure contains a buffer holding the string data

2022-09-13 00:00:00

CVE-2021-3711: ASN1_STRING structure contains a buffer holding the string data

2022-09-13 00:00:00

veracode

Denial Of Service

2021-08-25 12:41:30

rustsec

SM2 Decryption Buffer Overflow

2021-08-24 12:00:00

nvd

CVE-2021-3711

2021-08-24 15:15:09

cve

CVE-2021-3711

2021-08-24 15:15:09

ibm

Security Bulletin: Multiple vulnerabilities affect IBM Rational® Application Developer for WebSphere® Software - September 2021

2021-10-25 17:36:53

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to buffer overflow in OpenSSL (CVE-2021-3711).

2023-01-12 21:59:00

Security Bulletin: OpenSSL publicly disclosed vulnerability affects MessageGateway (CVE-2021-3711)

2021-11-01 16:46:56

openssl

Vulnerability in OpenSSL CVE-2021-3711

2021-08-24 00:00:00

hackerone

Internet Bug Bounty: CVE-2021-3711: SM2 decrypt buffer overflow

2021-09-27 13:47:10

ubuntucve

CVE-2021-3711

2021-08-24 00:00:00

prion

Buffer overflow

2021-08-24 15:15:00

github

SM2 Decryption Buffer Overflow

2022-05-24 19:12:03

alpinelinux

CVE-2021-3711

2021-08-24 15:15:09

nessus

ABB RTU500 Series Buffer Overflow in embedded OpenSSL (CVE-2021-3711)

2023-09-29 00:00:00

Debian DSA-4963-1 : openssl - security update

2021-08-24 00:00:00

EulerOS 2.0 SP8 : openssl (EulerOS-SA-2021-2639)

2021-11-02 00:00:00

openvas

OpenSSL: SM2 Decryption Buffer Overflow (20210824) - Windows

2021-08-25 00:00:00

OpenSSL: SM2 Decryption Buffer Overflow (20210824) - Linux

2021-08-25 00:00:00

Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2022-1391)

2022-04-13 00:00:00

cvelist

CVE-2021-3711 SM2 Decryption Buffer Overflow

2021-08-24 00:00:00

cloudfoundry

USN-5051-1: OpenSSL vulnerabilities | Cloud Foundry

2021-09-07 00:00:00

photon

Important Photon OS Security Update - PHSA-2021-0290

2021-08-27 00:00:00

Important Photon OS Security Update - PHSA-2021-0094

2021-09-03 00:00:00

Critical Photon OS Security Update - PHSA-2021-4.0-0094

2021-09-03 00:00:00

thn

QNAP Working on Patches for OpenSSL Flaws Affecting its NAS Devices

2021-09-01 07:11:00

Microsoft Issues Patches for Actively Exploited Excel, Exchange Server 0-Day Bugs

2021-11-10 06:24:00

debian

[SECURITY] [DSA 4963-1] openssl security update

2021-08-24 15:16:08

[SECURITY] [DSA 4963-1] openssl security update

2021-08-24 15:16:08

mageia

Updated openssl packages fix security vulnerability

2021-09-23 07:49:29

Updated mysql-connector-c++ packages fix security vulnerability

2022-01-25 15:13:11

ubuntu

OpenSSL vulnerabilities

2021-08-24 00:00:00

freebsd

OpenSSL -- multiple vulnerabilities

2021-08-24 00:00:00

MySQL -- Multiple vulnerabilities

2021-10-16 00:00:00

suse

Security update for openssl-1_1 (important)

2021-08-24 00:00:00

Security update for openssl-1_1 (important)

2021-08-25 00:00:00

Security update for SUSE Manager Client Tools (moderate)

2022-04-25 00:00:00

freebsd_advisory

FreeBSD-SA-21:16.openssl

2021-08-24 00:00:00

altlinux

Security fix for the ALT Linux 10 package openssl1.1 version 1.1.1l-alt1

2021-08-27 00:00:00

Security fix for the ALT Linux 9 package openssl1.1 version 1.1.1l-alt1

2021-09-02 00:00:00

ics

AVEVA InTouch Access Anywhere and Plant SCADA Access Anywhere (Update A)

2023-03-16 12:00:00

Hitachi Energy’s RTU500 Series Product (Update B)

2023-10-19 12:00:00

Mitsubishi Electric MELSOFT iQ AppPortal

2022-05-12 12:00:00

threatpost

QNAP Customers Adrift, Waiting on Fix for OpenSSL Bug

2022-03-31 13:22:49

QNAP Is Latest to Get Dinged by OpenSSL Bugs Fallout

2021-08-31 15:08:46

redos

ROS-20240412-06

2024-04-12 00:00:00

kaspersky

KLA12346 Multiple vulnerabilities in Microsoft Developer Tools

2021-11-09 00:00:00

gentoo

IBM Spectrum Protect: Multiple Vulnerabilities

2022-09-07 00:00:00

OpenSSL: Multiple Vulnerabilities

2022-10-16 00:00:00

qualysblog

Microsoft & Adobe Patch Tuesday (November 2021) – Microsoft 55 Vulnerabilities with 6 Critical, 6 Zero-Days. Adobe 4 Vulnerabilities

2021-11-11 01:07:53

hivepro

Microsoft’s Patch Tuesday Security Updates for November

2021-11-10 11:20:36

redhat

(RHSA-2021:4618) Important: Red Hat Advanced Cluster Management 2.4 images and security updates

2021-11-10 19:24:59

oracle

Oracle Critical Patch Update Advisory - January 2022

2022-01-18 00:00:00

Oracle Critical Patch Update Advisory - October 2021

2021-10-19 00:00:00

Oracle Critical Patch Update Advisory - April 2022

2022-04-19 00:00:00

avleonov

Scanvus now supports Vulners and Vulns.io VM Linux vulnerability detection APIs

2022-12-30 18:03:13

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.068

Percentile

93.9%

JSON

Related for RH:CVE-2021-3711