CVE-2021-3711 · threatengine.sh

Home/CVE/In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically

CVE

CVE-2021-3711

In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically

In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with the buffer size required to hold the decrypted plaintext.

The application can then allocate a sufficiently sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL value for the "out" parameter. A bug in the implementation of the SM2 decryption code means that the calculation of the buffer size required to hold the plaintext returned by the first call to EVP_PKEY_decrypt() can be smaller than the actual size required by the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is called by the application a second time with a buffer that is too small.

A malicious attacker who is able present SM2 content for decryption to an application could cause attacker chosen data to overflow the buffer by up to a maximum of 62 bytes altering the contents of other data held after the buffer, possibly changing application behaviour or causing the application to crash. The location of the buffer is application dependent but is typically heap allocated. Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k).

CRITICAL · CVSS 9.8 EPSS 0.02544

Schedule remediation

CVSS base score ≥ 7.0

Sigma rules0 YARA rules0

⬡

Weakness Classification

CWE-120Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

▤

Affected Products & Versions

33

openssl>= 1.1.1 and < 1.1.1l
debian linuxall versions
netapp active iq unified managerall versions
netapp clustered data ontapall versions
netapp clustered data ontap antivirus connectorall versions
netapp e-series santricity os controller>= 11.0 and <= 11.50.2
netapp hci management nodeall versions
netapp manageability software development kitall versions
Show all 33 affected productsnetapp oncommand insightall versions
netapp oncommand workflow automationall versions
netapp santricity smi-s providerall versions
netapp snapcenterall versions
netapp solidfireall versions
netapp storage encryptionall versions
oracle communications cloud native core security edge protection proxyall versions
oracle communications cloud native core unified data repositoryall versions
oracle communications session border controllerall versions
oracle communications unified session managerall versions
oracle enterprise communications brokerall versions
oracle enterprise session border controllerall versions
oracle essbase< 11.1.2.4.47
oracle essbase>= 21.1 and < 21.3
oracle health sciences inform publisherall versions
oracle jd edwards enterpriseone tools< 9.2.6.3
oracle jd edwards world securityall versions
oracle mysql connectors<= 8.0.27
oracle mysql enterprise monitor<= 8.0.25
oracle mysql server>= 5.7.0 and <= 5.7.35
oracle mysql server>= 8.0.0 and <= 8.0.26
oracle peoplesoft enterprise peopletoolsall versions
oracle zfs storage appliance kitall versions
tenable nessus network monitor<= 5.13.1
tenable tenable.sc>= 5.16.0 and <= 5.19.1

▤

Affected Packages

1

Language-ecosystem packages (from OSV) tied to this CVE, with the version that fixes it - the dependency-level detail NVD doesn’t carry.

crates.io openssl-src CRITICAL fixed in 111.16.0

▣

Scoring & Timeline

9.8

CRITICAL · CVSS v3.1 · openssl-security@openssl.org

View on NVD

Attack Vector

Network Adjacent Local Physical

Attack Complexity

Low High

Privileges Required

None Low High

User Interaction

None Required

Scope

Unchanged Changed

Confidentiality

None Low High

Integrity

None Low High

Availability

None Low High

Published to NVD24 Aug 2021 · 03:15 PM

CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

⚑

Vendor Advisories

27

siemens-csafSSA-028723
suse-csafopenSUSE-SU-2025:15136-1
suse-csafopenSUSE-SU-2024:11127-1
suse-csafopenSUSE-SU-2024:11816-1
suse-csafSUSE-SU-2024:0191-1
Show all 27 vendor advisoriessuse-csafSUSE-SU-2024:0196-1
suse-csafSUSE-SU-2022:4428-1
suse-csafSUSE-SU-2022:4437-1
suse-csafSUSE-SU-2022:4439-1
suse-csafSUSE-SU-2022:3676-1
suse-csafSUSE-SU-2022:2134-1
suse-csafsuse-fu-2022_1419-1
suse-csafSUSE-SU-2022:1396-1
siemens-csafSSA-389290
rhsaRHSA-2021:4618Important
msrcCVE-2021-3711Remote Code Execution
suse-csafopenSUSE-SU-2021:1188-1
usnUSN-5051-1
suse-csafopenSUSE-SU-2021:2830-1
suse-csafSUSE-SU-2021:2830-1
suse-csafSUSE-SU-2021:2833-1
oracle-cpuoracle-cpu-JD-Edwards-EnterpriseOne-Tools-4781--CVE-2021-3711
cisa-csafcisa-csaf-csaf_files-OT-white-2022-icsa-22-069-09
cisa-csafcisa-csaf-csaf_files-OT-white-2022-icsa-22-132-02
cisa-csafcisa-csaf-csaf_files-OT-white-2022-icsa-22-342-02
cisa-csafcisa-csaf-csaf_files-OT-white-2023-icsa-23-143-02
cisa-csafcisa-csaf-csaf_files-OT-white-2025-icsa-25-226-21

🔗

References & Sources

17

Source URLs (vendor pages, mailing lists, write-ups). Exploit/PoC links are in their own section above to avoid duplication.

http://www.openwall.com/lists/oss-security/2021/08/26/2Mailing ListThird Party Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdfThird Party Advisory

https://git.openssl.org/gitweb/?p=openssl.git

https://lists.apache.org/thread.html/r18995de860f0e63635f3008fd2a6aca82394249476d21691e7c59c9e%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/rad5d9f83f0d11fb3f8bb148d179b8a9ad7c6a17f18d70e5805a713d1%40%3Cdev.tomcat.apache.org%3E

https://security.gentoo.org/glsa/202209-02Third Party Advisory

Show all 17 references

https://security.gentoo.org/glsa/202210-02Third Party Advisory

https://security.netapp.com/advisory/ntap-20210827-0010/Third Party Advisory

https://security.netapp.com/advisory/ntap-20211022-0003/Third Party Advisory

https://security.netapp.com/advisory/ntap-20240621-0006/

https://www.debian.org/security/2021/dsa-4963Third Party Advisory

https://www.openssl.org/news/secadv/20210824.txtVendor Advisory

https://www.oracle.com/security-alerts/cpuapr2022.htmlPatchThird Party Advisory

https://www.oracle.com/security-alerts/cpujan2022.htmlPatchThird Party Advisory

https://www.oracle.com/security-alerts/cpuoct2021.htmlPatchThird Party Advisory

https://www.tenable.com/security/tns-2021-16Third Party Advisory

https://www.tenable.com/security/tns-2022-02Third Party Advisory

Intelligence Graph · click any node to traverse

CVETechnique ActorTool Family

drag to reposition · click any node to traverse · button top-right enlarges

External lookups - second-class, for what we don’t hold ourselves

NVD CVE.org CISA Vulners Exploit-DB GitHub PoC VulnCheck KEV GreyNoise

Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities

Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs

Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures

Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1

About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service

threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin