CVE-2021-3711 (CNNVD-202108-1945)
中文标题:
OpenSSL 缓冲区错误漏洞
英文标题:
SM2 Decryption Buffer Overflow
漏洞描述
中文描述:
OpenSSL是OpenSSL团队的一个开源的能够实现安全套接层(SSLv2/v3)和安全传输层(TLSv1)协议的通用加密库。该产品支持多种加密算法,包括对称密码、哈希算法、安全散列算法等。 OpenSSL 中存在缓冲区错误漏洞,该漏洞源于产品对SM2 plaintext长度的计算错误导致允许越界写操作。攻击者可通过该漏洞执行恶意代码。以下产品及版本受到影响:OpenSSL 1.1.1-1.1.1k。
英文描述:
In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with the buffer size required to hold the decrypted plaintext. The application can then allocate a sufficiently sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL value for the "out" parameter. A bug in the implementation of the SM2 decryption code means that the calculation of the buffer size required to hold the plaintext returned by the first call to EVP_PKEY_decrypt() can be smaller than the actual size required by the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is called by the application a second time with a buffer that is too small. A malicious attacker who is able present SM2 content for decryption to an application could cause attacker chosen data to overflow the buffer by up to a maximum of 62 bytes altering the contents of other data held after the buffer, possibly changing application behaviour or causing the application to crash. The location of the buffer is application dependent but is typically heap allocated. Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k).
CWE类型:
标签:
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| OpenSSL | OpenSSL | Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k) | - | - |
cpe:2.3:a:openssl:openssl:fixed_in_openssl_1.1.1l_(affected_1.1.1-1.1.1k):*:*:*:*:*:*:*
|
| openssl | openssl | * | - | - |
cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*
|
| debian | debian_linux | 10.0 | - | - |
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
|
| debian | debian_linux | 11.0 | - | - |
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
|
| netapp | active_iq_unified_manager | - | - | - |
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
|
| netapp | clustered_data_ontap | - | - | - |
cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*
|
| netapp | clustered_data_ontap_antivirus_connector | - | - | - |
cpe:2.3:a:netapp:clustered_data_ontap_antivirus_connector:-:*:*:*:*:*:*:*
|
| netapp | e-series_santricity_os_controller | * | - | - |
cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*
|
| netapp | hci_management_node | - | - | - |
cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
|
| netapp | manageability_software_development_kit | - | - | - |
cpe:2.3:a:netapp:manageability_software_development_kit:-:*:*:*:*:*:*:*
|
| netapp | oncommand_insight | - | - | - |
cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
|
| netapp | oncommand_workflow_automation | - | - | - |
cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
|
| netapp | santricity_smi-s_provider | - | - | - |
cpe:2.3:a:netapp:santricity_smi-s_provider:-:*:*:*:*:*:*:*
|
| netapp | snapcenter | - | - | - |
cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*
|
| netapp | solidfire | - | - | - |
cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*
|
| netapp | storage_encryption | - | - | - |
cpe:2.3:a:netapp:storage_encryption:-:*:*:*:*:*:*:*
|
| oracle | communications_cloud_native_core_security_edge_protection_proxy | 1.7.0 | - | - |
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.7.0:*:*:*:*:*:*:*
|
| oracle | communications_cloud_native_core_unified_data_repository | 1.15.0 | - | - |
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.15.0:*:*:*:*:*:*:*
|
| oracle | communications_session_border_controller | 8.4 | - | - |
cpe:2.3:a:oracle:communications_session_border_controller:8.4:*:*:*:*:*:*:*
|
| oracle | communications_session_border_controller | 9.0 | - | - |
cpe:2.3:a:oracle:communications_session_border_controller:9.0:*:*:*:*:*:*:*
|
| oracle | communications_unified_session_manager | 8.2.5 | - | - |
cpe:2.3:a:oracle:communications_unified_session_manager:8.2.5:*:*:*:*:*:*:*
|
| oracle | communications_unified_session_manager | 8.4.5 | - | - |
cpe:2.3:a:oracle:communications_unified_session_manager:8.4.5:*:*:*:*:*:*:*
|
| oracle | enterprise_communications_broker | 3.2.0 | - | - |
cpe:2.3:a:oracle:enterprise_communications_broker:3.2.0:*:*:*:*:*:*:*
|
| oracle | enterprise_communications_broker | 3.3.0 | - | - |
cpe:2.3:a:oracle:enterprise_communications_broker:3.3.0:*:*:*:*:*:*:*
|
| oracle | enterprise_session_border_controller | 8.4 | - | - |
cpe:2.3:a:oracle:enterprise_session_border_controller:8.4:*:*:*:*:*:*:*
|
| oracle | enterprise_session_border_controller | 9.0 | - | - |
cpe:2.3:a:oracle:enterprise_session_border_controller:9.0:*:*:*:*:*:*:*
|
| oracle | essbase | * | - | - |
cpe:2.3:a:oracle:essbase:*:*:*:*:*:*:*:*
|
| oracle | health_sciences_inform_publisher | 6.2.1.1 | - | - |
cpe:2.3:a:oracle:health_sciences_inform_publisher:6.2.1.1:*:*:*:*:*:*:*
|
| oracle | health_sciences_inform_publisher | 6.3.1.1 | - | - |
cpe:2.3:a:oracle:health_sciences_inform_publisher:6.3.1.1:*:*:*:*:*:*:*
|
| oracle | jd_edwards_enterpriseone_tools | * | - | - |
cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*
|
| oracle | jd_edwards_world_security | a9.4 | - | - |
cpe:2.3:a:oracle:jd_edwards_world_security:a9.4:*:*:*:*:*:*:*
|
| oracle | mysql_connectors | * | - | - |
cpe:2.3:a:oracle:mysql_connectors:*:*:*:*:*:*:*:*
|
| oracle | mysql_enterprise_monitor | * | - | - |
cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*
|
| oracle | mysql_server | * | - | - |
cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*
|
| oracle | peoplesoft_enterprise_peopletools | 8.57 | - | - |
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*
|
| oracle | peoplesoft_enterprise_peopletools | 8.58 | - | - |
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*
|
| oracle | peoplesoft_enterprise_peopletools | 8.59 | - | - |
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*
|
| oracle | zfs_storage_appliance_kit | 8.8 | - | - |
cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*
|
| tenable | nessus_network_monitor | * | - | - |
cpe:2.3:a:tenable:nessus_network_monitor:*:*:*:*:*:*:*:*
|
| tenable | tenable.sc | * | - | - |
cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:*
|
解决方案
中文解决方案:
英文解决方案:
临时解决方案:
参考链接
cve.org
cve.org
cve.org
cve.org
cve.org
cve.org
cve.org
cve.org
cve.org
cve.org
cve.org
cve.org
cve.org
cve.org
cve.org
cve.org
cve.org
CVSS评分详情
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
时间信息
利用信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2021-3711 |
2025-11-11 15:21:05 | 2025-11-11 07:36:57 |
| NVD | nvd_CVE-2021-3711 |
2025-11-11 14:57:41 | 2025-11-11 07:45:16 |
| CNNVD | cnnvd_CNNVD-202108-1945 |
2025-11-11 15:10:42 | 2025-11-11 07:56:52 |
版本与语言
安全公告
变更历史
查看详细变更
- vulnerability_type: 未提取 -> 缓冲区错误
- cnnvd_id: 未提取 -> CNNVD-202108-1945
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
查看详细变更
- severity: SeverityLevel.MEDIUM -> SeverityLevel.CRITICAL
- cvss_score: 未提取 -> 9.8
- cvss_vector: NOT_EXTRACTED -> CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- cvss_version: NOT_EXTRACTED -> 3.1
- affected_products_count: 1 -> 40
- data_sources: ['cve'] -> ['cve', 'nvd']