CVE-2021-3712 (CNNVD-202108-1947)

HIGH
中文标题:
OpenSSL 缓冲区错误漏洞
英文标题:
Read buffer overruns processing ASN.1 strings
CVSS分数: 7.4
发布时间: 2021-08-24 14:50:14
漏洞类型: 缓冲区错误
状态: PUBLISHED
数据质量分数: 0.30
数据版本: v3
漏洞描述
中文描述:

OpenSSL是Openssl团队的一个开源的能够实现安全套接层(SSLv2/v3)和安全传输层(TLSv1)协议的通用加密库。该产品支持多种加密算法,包括对称密码、哈希算法、安全散列算法等。 openssl 存在缓冲区错误漏洞,该漏洞源于产品假设 ASN.1 字符串使用NULL作为终止符。攻击者可通过制作非NULL终止的字符串发起攻击可导致应用程序内存崩溃或者应用程序崩溃。以下产品及版本受到影响:openssl 1.0.2y 之前版本。

英文描述:

ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL's own "d2i" functions (and other similar parsing functions) as well as any string whose value has been set with the ASN1_STRING_set() function will additionally NUL terminate the byte array in the ASN1_STRING structure. However, it is possible for applications to directly construct valid ASN1_STRING structures which do not NUL terminate the byte array by directly setting the "data" and "length" fields in the ASN1_STRING array. This can also happen by using the ASN1_STRING_set0() function. Numerous OpenSSL functions that print ASN.1 data have been found to assume that the ASN1_STRING byte array will be NUL terminated, even though this is not guaranteed for strings that have been directly constructed. Where an application requests an ASN.1 structure to be printed, and where that ASN.1 structure contains ASN1_STRINGs that have been directly constructed by the application without NUL terminating the "data" field, then a read buffer overrun can occur. The same thing can also occur during name constraints processing of certificates (for example if a certificate has been directly constructed by the application instead of loading it via the OpenSSL parsing functions, and the certificate contains non NUL terminated ASN1_STRING structures). It can also occur in the X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions. If a malicious actor can cause an application to directly construct an ASN1_STRING and then process it through one of the affected OpenSSL functions then this issue could be hit. This might result in a crash (causing a Denial of Service attack). It could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext). Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). Fixed in OpenSSL 1.0.2za (Affected 1.0.2-1.0.2y).

CWE类型:
CWE-125
标签:
(暂无数据)
受影响产品
厂商 产品 版本 版本范围 平台 CPE
OpenSSL OpenSSL Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k) - - cpe:2.3:a:openssl:openssl:fixed_in_openssl_1.1.1l_(affected_1.1.1-1.1.1k):*:*:*:*:*:*:*
OpenSSL OpenSSL Fixed in OpenSSL 1.0.2za (Affected 1.0.2-1.0.2y) - - cpe:2.3:a:openssl:openssl:fixed_in_openssl_1.0.2za_(affected_1.0.2-1.0.2y):*:*:*:*:*:*:*
openssl openssl * - - cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*
debian debian_linux 9.0 - - cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
debian debian_linux 10.0 - - cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
debian debian_linux 11.0 - - cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
netapp clustered_data_ontap - - - cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*
netapp clustered_data_ontap_antivirus_connector - - - cpe:2.3:a:netapp:clustered_data_ontap_antivirus_connector:-:*:*:*:*:*:*:*
netapp e-series_santricity_os_controller * - - cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*
netapp hci_management_node - - - cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
netapp manageability_software_development_kit - - - cpe:2.3:a:netapp:manageability_software_development_kit:-:*:*:*:*:*:*:*
netapp santricity_smi-s_provider - - - cpe:2.3:a:netapp:santricity_smi-s_provider:-:*:*:*:*:*:*:*
netapp solidfire - - - cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*
netapp storage_encryption - - - cpe:2.3:a:netapp:storage_encryption:-:*:*:*:*:*:*:*
mcafee epolicy_orchestrator * - - cpe:2.3:a:mcafee:epolicy_orchestrator:*:*:*:*:*:*:*:*
mcafee epolicy_orchestrator 5.10.0 - - cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:-:*:*:*:*:*:*
tenable nessus_network_monitor * - - cpe:2.3:a:tenable:nessus_network_monitor:*:*:*:*:*:*:*:*
tenable tenable.sc * - - cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:*
oracle essbase * - - cpe:2.3:a:oracle:essbase:*:*:*:*:*:*:*:*
oracle essbase 21.3 - - cpe:2.3:a:oracle:essbase:21.3:*:*:*:*:*:*:*
oracle mysql_connectors * - - cpe:2.3:a:oracle:mysql_connectors:*:*:*:*:*:*:*:*
oracle mysql_enterprise_monitor * - - cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*
oracle mysql_server * - - cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*
oracle mysql_workbench * - - cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:*
oracle peoplesoft_enterprise_peopletools 8.57 - - cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*
oracle peoplesoft_enterprise_peopletools 8.58 - - cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*
oracle peoplesoft_enterprise_peopletools 8.59 - - cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*
oracle secure_backup 18.1.0.1.0 - - cpe:2.3:a:oracle:secure_backup:18.1.0.1.0:*:*:*:*:*:*:*
oracle zfs_storage_appliance_kit 8.8 - - cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*
siemens sinec_infrastructure_network_services * - - cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*
oracle communications_cloud_native_core_console 1.9.0 - - cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0:*:*:*:*:*:*:*
oracle communications_cloud_native_core_security_edge_protection_proxy 1.7.0 - - cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.7.0:*:*:*:*:*:*:*
oracle communications_cloud_native_core_unified_data_repository 1.15.0 - - cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.15.0:*:*:*:*:*:*:*
oracle communications_session_border_controller 8.4 - - cpe:2.3:a:oracle:communications_session_border_controller:8.4:*:*:*:*:*:*:*
oracle communications_session_border_controller 9.0 - - cpe:2.3:a:oracle:communications_session_border_controller:9.0:*:*:*:*:*:*:*
oracle communications_unified_session_manager 8.2.5 - - cpe:2.3:a:oracle:communications_unified_session_manager:8.2.5:*:*:*:*:*:*:*
oracle communications_unified_session_manager 8.4.5 - - cpe:2.3:a:oracle:communications_unified_session_manager:8.4.5:*:*:*:*:*:*:*
oracle enterprise_communications_broker 3.2.0 - - cpe:2.3:a:oracle:enterprise_communications_broker:3.2.0:*:*:*:*:*:*:*
oracle enterprise_communications_broker 3.3.0 - - cpe:2.3:a:oracle:enterprise_communications_broker:3.3.0:*:*:*:*:*:*:*
oracle enterprise_session_border_controller 8.4 - - cpe:2.3:a:oracle:enterprise_session_border_controller:8.4:*:*:*:*:*:*:*
oracle enterprise_session_border_controller 9.0 - - cpe:2.3:a:oracle:enterprise_session_border_controller:9.0:*:*:*:*:*:*:*
oracle health_sciences_inform_publisher 6.2.1.0 - - cpe:2.3:a:oracle:health_sciences_inform_publisher:6.2.1.0:*:*:*:*:*:*:*
oracle health_sciences_inform_publisher 6.3.1.1 - - cpe:2.3:a:oracle:health_sciences_inform_publisher:6.3.1.1:*:*:*:*:*:*:*
oracle jd_edwards_enterpriseone_tools * - - cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*
oracle jd_edwards_world_security a9.4 - - cpe:2.3:a:oracle:jd_edwards_world_security:a9.4:*:*:*:*:*:*:*
解决方案
中文解决方案:
(暂无数据)
英文解决方案:
(暂无数据)
临时解决方案:
(暂无数据)
参考链接
无标题 OTHER
cve.org
访问
无标题 OTHER
cve.org
访问
无标题 OTHER
cve.org
访问
DSA-4963 vendor-advisory
cve.org
访问
[tomcat-dev] 20210825 OpenSSL security announcement - do we need a Tomcat Native release? mailing-list
cve.org
访问
[oss-security] 20210825 OpenSSL SM2 Decryption Buffer Overflow (CVE-2021-3711), Read buffer overruns processing ASN.1 strings (CVE-2021-3712) mailing-list
cve.org
访问
[tomcat-dev] 20210826 Re: OpenSSL security announcement - do we need a Tomcat Native release? mailing-list
cve.org
访问
无标题 OTHER
cve.org
访问
[debian-lts-announce] 20210926 [SECURITY] [DLA 2766-1] openssl security update mailing-list
cve.org
访问
[debian-lts-announce] 20210930 [SECURITY] [DLA 2774-1] openssl1.0 security update mailing-list
cve.org
访问
无标题 OTHER
cve.org
访问
无标题 OTHER
cve.org
访问
无标题 OTHER
cve.org
访问
无标题 OTHER
cve.org
访问
无标题 OTHER
cve.org
访问
无标题 OTHER
cve.org
访问
无标题 OTHER
cve.org
访问
无标题 OTHER
cve.org
访问
GLSA-202209-02 vendor-advisory
cve.org
访问
GLSA-202210-02 vendor-advisory
cve.org
访问
无标题 OTHER
cve.org
访问
CVSS评分详情
7.4
HIGH
CVSS向量: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
CVSS版本: 3.1
机密性
HIGH
完整性
NONE
可用性
HIGH
时间信息
发布时间:
2021-08-24 14:50:14
修改时间:
2024-09-16 20:32:42
创建时间:
2025-11-11 15:36:58
更新时间:
2025-11-11 15:56:52
利用信息
暂无可利用代码信息
数据源详情
数据源 记录ID 版本 提取时间
CVE cve_CVE-2021-3712 2025-11-11 15:21:05 2025-11-11 07:36:58
NVD nvd_CVE-2021-3712 2025-11-11 14:57:41 2025-11-11 07:45:16
CNNVD cnnvd_CNNVD-202108-1947 2025-11-11 15:12:30 2025-11-11 07:56:52
版本与语言
当前版本: v3
主要语言: EN
支持语言:
EN ZH
安全公告
暂无安全公告信息
变更历史
v3 CNNVD
2025-11-11 15:56:52
vulnerability_type: 未提取 → 缓冲区错误; cnnvd_id: 未提取 → CNNVD-202108-1947; data_sources: ['cve', 'nvd'] → ['cnnvd', 'cve', 'nvd']
查看详细变更
  • vulnerability_type: 未提取 -> 缓冲区错误
  • cnnvd_id: 未提取 -> CNNVD-202108-1947
  • data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
v2 NVD
2025-11-11 15:45:16
severity: SeverityLevel.MEDIUM → SeverityLevel.HIGH; cvss_score: 未提取 → 7.4; cvss_vector: NOT_EXTRACTED → CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H; cvss_version: NOT_EXTRACTED → 3.1; affected_products_count: 2 → 45; data_sources: ['cve'] → ['cve', 'nvd']
查看详细变更
  • severity: SeverityLevel.MEDIUM -> SeverityLevel.HIGH
  • cvss_score: 未提取 -> 7.4
  • cvss_vector: NOT_EXTRACTED -> CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
  • cvss_version: NOT_EXTRACTED -> 3.1
  • affected_products_count: 2 -> 45
  • data_sources: ['cve'] -> ['cve', 'nvd']