CVE-2021-3711

SM2 Decryption Buffer Overflow

  • Severity Score: 9.8 (CVSS v3.1)
  • Public Exploits: 0 (Multiple Sources)
  • Exploited in Wild: - (KEV)
  • Decision: - (SSVC)

Descriptions

To decrypt SM2-encrypted data, an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with the buffer size required to hold the decrypted plaintext. The application can then allocate a sufficiently sized buffer and call EVP_PKEY_decrypt() again, this time passing a non-NULL value for the "out" parameter. A bug in the implementation of the SM2 decryption code means that the buffer size calculated by the first call to EVP_PKEY_decrypt() can be smaller than the size actually required by the second call. This can lead to a buffer overflow when the application calls EVP_PKEY_decrypt() a second time with a buffer that is too small. A malicious attacker who is able to present SM2 content for decryption to an application could cause attacker-chosen data to overflow the buffer by up to a maximum of 62 bytes, altering the contents of other data held after the buffer and possibly changing application behaviour or causing the application to crash. The location of the buffer is application dependent but is typically heap allocated. Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k).

A flaw was found in openssl. A miscalculation of a buffer size in openssl's SM2 decryption function allows up to 62 arbitrary bytes to be written outside of the buffer. A remote attacker could use this flaw to crash an application supporting the SM2 signature or encryption algorithm or, possibly, execute arbitrary code with the permissions of the user running that application. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

*Credits: John Ouyang
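
A triage helper for the affected range stated in the description (1.1.1 through 1.1.1k, fixed in 1.1.1l), as an added example that is not part of the advisory or of OpenSSL. The function name `classify_openssl`, the verdict names and the sample strings are hypothetical, and the package-revision heuristic (a `-<digit>` or `+` suffix marks a distribution build that may carry a backported fix) is an assumption.

```c
/* Added example: classify an OpenSSL version string against the range the
 * advisory states (affected 1.1.1 through 1.1.1k, fixed in 1.1.1l). */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

enum verdict { UNPARSED = -1, NOT_AFFECTED = 0, AFFECTED = 1, CHECK_VENDOR = 2 };

/* Hypothetical helper. Accepts "1.1.1k", a full `openssl version` line, or a
 * package-style string such as "1.1.1d-0+deb10u6". */
enum verdict classify_openssl(const char *s)
{
    int maj, min, fix, n = 0;
    char letter = 0;

    if (strncmp(s, "OpenSSL ", 8) == 0)
        s += 8;                         /* drop the `openssl version` prefix */
    if (sscanf(s, "%d.%d.%d%n", &maj, &min, &fix, &n) != 3)
        return UNPARSED;
    if (maj != 1 || min != 1 || fix != 1)
        return NOT_AFFECTED;            /* outside the range the advisory gives */

    s += n;
    if (islower((unsigned char)*s))
        letter = *s++;                  /* patch letter: 1.1.1a, 1.1.1b, ... */
    if (letter >= 'l')
        return NOT_AFFECTED;            /* 1.1.1l carries the fix */
    if (letter == 0 && *s == '-' && isalpha((unsigned char)s[1]))
        return UNPARSED;                /* pre-release tag such as 1.1.1-pre8 */
    /* Assumption: "-<digit>" or "+" starts a package revision, i.e. a
     * distribution build. Distributions backport fixes without changing the
     * upstream letter, so the letter alone cannot settle the question. */
    if (*s == '+' || (*s == '-' && isdigit((unsigned char)s[1])))
        return CHECK_VENDOR;
    return AFFECTED;
}

int main(void)
{
    /* Constructed sample inventory strings, not taken from the page. */
    const char *samples[] = { "OpenSSL 1.1.1k  25 Mar 2021", "1.1.1", "1.1.1l",
                              "1.1.1d-0+deb10u6", "1.1.1k-fips", "1.1.0l" };
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++)
        printf("%-30s -> %d\n", samples[i], classify_openssl(samples[i]));
    return 0;
}
```

A `CHECK_VENDOR` result has to be resolved against the distribution's own security tracker for this CVE, which matters for the Debian entries listed as affected below.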
CVSS Scores
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: High
  • Availability: High

  • Attack Vector: Network
  • Attack Complexity: Low
  • Authentication: None
  • Confidentiality: Partial
  • Integrity: Partial
  • Availability: Partial
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2021-08-16 CVE Reserved
  • 2021-08-24 CVE Published
  • 2024-05-09 EPSS Updated
  • 2024-09-16 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
  • CWE-787: Out-of-bounds Write
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status |
|---|---|---|---|---|
| Openssl | Openssl | >= 1.1.1 < 1.1.1l | - | Affected |
| Debian | Debian Linux | 10.0 | - | Affected |
| Debian | Debian Linux | 11.0 | - | Affected |
| Netapp | Active Iq Unified Manager | - | vmware_vsphere | Affected |
| Netapp | Active Iq Unified Manager | - | windows | Affected |
| Netapp | Clustered Data Ontap | - | - | Affected |
| Netapp | Clustered Data Ontap Antivirus Connector | - | - | Affected |
| Netapp | E-series Santricity Os Controller | >= 11.0 <= 11.50.2 | - | Affected |
| Netapp | Hci Management Node | - | - | Affected |
| Netapp | Manageability Software Development Kit | - | - | Affected |
| Netapp | Oncommand Insight | - | - | Affected |
| Netapp | Oncommand Workflow Automation | - | - | Affected |
| Netapp | Santricity Smi-s Provider | - | - | Affected |
| Netapp | Snapcenter | - | - | Affected |
| Netapp | Solidfire | - | - | Affected |
| Netapp | Storage Encryption | - | - | Affected |
| Oracle | Communications Cloud Native Core Security Edge Protection Proxy | 1.7.0 | - | Affected |
| Oracle | Communications Cloud Native Core Unified Data Repository | 1.15.0 | - | Affected |
| Oracle | Communications Session Border Controller | 8.4 | - | Affected |
| Oracle | Communications Session Border Controller | 9.0 | - | Affected |
| Oracle | Communications Unified Session Manager | 8.2.5 | - | Affected |
| Oracle | Communications Unified Session Manager | 8.4.5 | - | Affected |
| Oracle | Enterprise Communications Broker | 3.2.0 | - | Affected |
| Oracle | Enterprise Communications Broker | 3.3.0 | - | Affected |
| Oracle | Enterprise Session Border Controller | 8.4 | - | Affected |
| Oracle | Enterprise Session Border Controller | 9.0 | - | Affected |
| Oracle | Essbase | < 11.1.2.4.47 | - | Affected |
| Oracle | Essbase | >= 21.1 < 21.3 | - | Affected |
| Oracle | Health Sciences Inform Publisher | 6.2.1.1 | - | Affected |
| Oracle | Health Sciences Inform Publisher | 6.3.1.1 | - | Affected |
| Oracle | Jd Edwards Enterpriseone Tools | < 9.2.6.3 | - | Affected |
| Oracle | Jd Edwards World Security | a9.4 | - | Affected |
| Oracle | Mysql Connectors | <= 8.0.27 | - | Affected |
| Oracle | Mysql Enterprise Monitor | <= 8.0.25 | - | Affected |
| Oracle | Mysql Server | >= 5.7.0 <= 5.7.35 | - | Affected |
| Oracle | Mysql Server | >= 8.0.0 <= 8.0.26 | - | Affected |
| Oracle | Peoplesoft Enterprise Peopletools | 8.57 | - | Affected |
| Oracle | Peoplesoft Enterprise Peopletools | 8.58 | - | Affected |
| Oracle | Peoplesoft Enterprise Peopletools | 8.59 | - | Affected |
| Oracle | Zfs Storage Appliance Kit | 8.8 | - | Affected |
| Tenable | Nessus Network Monitor | <= 5.13.1 | - | Affected |
| Tenable | Tenable.sc | >= 5.16.0 <= 5.19.1 | - | Affected |