SM2 Decryption Buffer Overflow
Description
In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with the buffer size required to hold the decrypted plaintext. The application can then allocate a sufficiently sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL value for the "out" parameter. A bug in the implementation of the SM2 decryption code means that the calculation of the buffer size required to hold the plaintext returned by the first call to EVP_PKEY_decrypt() can be smaller than the actual size required by the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is called by the application a second time with a buffer that is too small. A malicious attacker who is able present SM2 content for decryption to an application could cause attacker chosen data to overflow the buffer by up to a maximum of 62 bytes altering the contents of other data held after the buffer, possibly changing application behaviour or causing the application to crash. The location of the buffer is application dependent but is typically heap allocated. Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
openssl-srccrates.io | < 111.16.0 | 111.16.0 |
Affected products
136- ghsa-coords135 versionspkg:cargo/openssl-srcpkg:rpm/opensuse/dracut-saltboot&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/dracut-saltboot&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/golang-github-boynux-squid_exporter&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/golang-github-boynux-squid_exporter&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/golang-github-prometheus-promu&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/golang-github-prometheus-promu&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/grafana&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/grafana&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/grafana&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/grype&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/openssl-1_1&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/openssl-1_1&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/openssl-1_1&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/prometheus-blackbox_exporter&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/prometheus-postgres_exporter&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/rhnlib&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/spacecmd&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/spacecmd&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/wire&distro=openSUSE%20Leap%2015.4pkg:rpm/suse/ansible&distro=SUSE%20Manager%20Client%20Tools%2015-BETApkg:rpm/suse/dracut-saltboot&distro=SUSE%20Manager%20Client%20Tools%2015pkg:rpm/suse/dracut-saltboot&distro=SUSE%20Manager%20Client%20Tools%2015-BETApkg:rpm/suse/dracut-saltboot&distro=SUSE%20Manager%20Client%20Tools%20Beta%20for%20SLE%20Micro%205pkg:rpm/suse/dracut-saltboot&distro=SUSE%20Manager%20Client%20Tools%20for%20SLE%20Micro%205pkg:rpm/suse/golang-github-boynux-squid_exporter&distro=SUSE%20Manager%20Client%20Tools%2012pkg:rpm/suse/golang-github-boynux-squid_exporter&distro=SUSE%20Manager%20Client%20Tools%2012-BETApkg:rpm/suse/golang-github-boynux-squid_exporter&distro=SUSE%20Manager%20Client%20Tools%2015pkg:rpm/suse/golang-github-boynux-squid_exporter&distro=SUSE%20Manager%20Client%20Tools%2015-BETApkg:rpm/suse/golang-github-boynux-squid_exporter&distro=SUSE%20Manager%20Proxy%20Module%204.2pkg:rpm/suse/golang-github-boynux-squid_exporter&distro=SUSE%20Manager%20Proxy%20Module%204.3pkg:rpm/suse/golang-github-lusitaniae-apache_exporter&distro=SUSE%20Manager%20Client%20Tools%2012-BETApkg:rpm/suse/golang-github-lusitaniae-apache_exporter&distro=SUSE%20Manager%20Client%20Tools%2015-BETApkg:rpm/suse/golang-github-prometheus-alertmanager&distro=SUSE%20Manager%20Client%20Tools%2012pkg:rpm/suse/golang-github-prometheus-alertmanager&distro=SUSE%20Manager%20Client%20Tools%2012-BETApkg:rpm/suse/golang-github-prometheus-node_exporter&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/golang-github-prometheus-node_exporter&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCLpkg:rpm/suse/golang-github-prometheus-node_exporter&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSSpkg:rpm/suse/golang-github-prometheus-node_exporter&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSSpkg:rpm/suse/golang-github-prometheus-node_exporter&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/golang-github-prometheus-node_exporter&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/golang-github-prometheus-node_exporter&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/golang-github-prometheus-node_exporter&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/golang-github-prometheus-node_exporter&distro=SUSE%20Manager%20Client%20Tools%2012pkg:rpm/suse/golang-github-prometheus-node_exporter&distro=SUSE%20Manager%20Client%20Tools%2012-BETApkg:rpm/suse/golang-github-prometheus-node_exporter&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/golang-github-prometheus-node_exporter&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/golang-github-prometheus-node_exporter&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/golang-github-prometheus-node_exporter&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/golang-github-prometheus-prometheus&distro=SUSE%20Manager%20Client%20Tools%2012-BETApkg:rpm/suse/golang-github-prometheus-prometheus&distro=SUSE%20Manager%20Client%20Tools%2015-BETApkg:rpm/suse/golang-github-prometheus-promu&distro=SUSE%20Manager%20Client%20Tools%2012-BETApkg:rpm/suse/golang-github-QubitProducts-exporter_exporter&distro=SUSE%20Manager%20Client%20Tools%2012pkg:rpm/suse/golang-github-QubitProducts-exporter_exporter&distro=SUSE%20Manager%20Client%20Tools%2012-BETApkg:rpm/suse/golang-github-QubitProducts-exporter_exporter&distro=SUSE%20Manager%20Client%20Tools%2015-BETApkg:rpm/suse/golang-github-QubitProducts-exporter_exporter&distro=SUSE%20Manager%20Client%20Tools%20Beta%20for%20SLE%20Micro%205pkg:rpm/suse/grafana&distro=SUSE%20Enterprise%20Storage%206pkg:rpm/suse/grafana&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP4pkg:rpm/suse/grafana&distro=SUSE%20Manager%20Client%20Tools%2012pkg:rpm/suse/grafana&distro=SUSE%20Manager%20Client%20Tools%2012-BETApkg:rpm/suse/grafana&distro=SUSE%20Manager%20Client%20Tools%2015pkg:rpm/suse/grafana&distro=SUSE%20Manager%20Client%20Tools%2015-BETApkg:rpm/suse/kiwi-desc-saltboot&distro=SUSE%20Manager%20Client%20Tools%2012-BETApkg:rpm/suse/mgr-cfg&distro=SUSE%20Manager%20Client%20Tools%2012pkg:rpm/suse/mgr-cfg&distro=SUSE%20Manager%20Client%20Tools%2015pkg:rpm/suse/mgr-custom-info&distro=SUSE%20Manager%20Client%20Tools%2012pkg:rpm/suse/mgr-daemon&distro=SUSE%20Manager%20Client%20Tools%2012pkg:rpm/suse/mgr-osad&distro=SUSE%20Manager%20Client%20Tools%2012pkg:rpm/suse/mgr-osad&distro=SUSE%20Manager%20Client%20Tools%2015pkg:rpm/suse/mgr-push&distro=SUSE%20Manager%20Client%20Tools%2012pkg:rpm/suse/mgr-push&distro=SUSE%20Manager%20Client%20Tools%2012-BETApkg:rpm/suse/mgr-push&distro=SUSE%20Manager%20Client%20Tools%2015pkg:rpm/suse/mgr-push&distro=SUSE%20Manager%20Client%20Tools%2015-BETApkg:rpm/suse/mgr-virtualization&distro=SUSE%20Manager%20Client%20Tools%2012pkg:rpm/suse/mgr-virtualization&distro=SUSE%20Manager%20Client%20Tools%2015pkg:rpm/suse/openssl-1_1&distro=SUSE%20Linux%20Enterprise%20Micro%205.0pkg:rpm/suse/openssl-1_1&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2pkg:rpm/suse/openssl-1_1&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3pkg:rpm/suse/openssl-1_1&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSSpkg:rpm/suse/openssl-1_1&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/openssl-1_1&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/openssl-1_1&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/openssl-1_1&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/openssl-1_1&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/openssl-1_1&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/prometheus-blackbox_exporter&distro=SUSE%20Manager%20Client%20Tools%2012pkg:rpm/suse/prometheus-blackbox_exporter&distro=SUSE%20Manager%20Client%20Tools%2012-BETApkg:rpm/suse/prometheus-blackbox_exporter&distro=SUSE%20Manager%20Client%20Tools%2015pkg:rpm/suse/prometheus-blackbox_exporter&distro=SUSE%20Manager%20Client%20Tools%2015-BETApkg:rpm/suse/prometheus-blackbox_exporter&distro=SUSE%20Manager%20Client%20Tools%20Beta%20for%20SLE%20Micro%205pkg:rpm/suse/prometheus-blackbox_exporter&distro=SUSE%20Manager%20Client%20Tools%20for%20SLE%20Micro%205pkg:rpm/suse/prometheus-blackbox_exporter&distro=SUSE%20Manager%20Proxy%20Module%204.2pkg:rpm/suse/prometheus-blackbox_exporter&distro=SUSE%20Manager%20Proxy%20Module%204.3pkg:rpm/suse/prometheus-postgres_exporter&distro=SUSE%20Manager%20Client%20Tools%2012pkg:rpm/suse/prometheus-postgres_exporter&distro=SUSE%20Manager%20Client%20Tools%2012-BETApkg:rpm/suse/prometheus-postgres_exporter&distro=SUSE%20Manager%20Client%20Tools%2015pkg:rpm/suse/prometheus-postgres_exporter&distro=SUSE%20Manager%20Client%20Tools%2015-BETApkg:rpm/suse/prometheus-postgres_exporter&distro=SUSE%20Manager%20Server%20Module%204.2pkg:rpm/suse/python-hwdata&distro=SUSE%20Manager%20Client%20Tools%2012pkg:rpm/suse/python-hwdata&distro=SUSE%20Manager%20Client%20Tools%2012-BETApkg:rpm/suse/python-hwdata&distro=SUSE%20Manager%20Client%20Tools%2015-BETApkg:rpm/suse/python-pyvmomi&distro=SUSE%20Manager%20Client%20Tools%2015-BETApkg:rpm/suse/rhnlib&distro=SUSE%20Manager%20Client%20Tools%2012pkg:rpm/suse/rhnlib&distro=SUSE%20Manager%20Client%20Tools%2012-BETApkg:rpm/suse/rhnlib&distro=SUSE%20Manager%20Client%20Tools%2015pkg:rpm/suse/rhnlib&distro=SUSE%20Manager%20Client%20Tools%2015-BETApkg:rpm/suse/spacecmd&distro=SUSE%20Manager%20Client%20Tools%2012pkg:rpm/suse/spacecmd&distro=SUSE%20Manager%20Client%20Tools%2012-BETApkg:rpm/suse/spacecmd&distro=SUSE%20Manager%20Client%20Tools%2015pkg:rpm/suse/spacecmd&distro=SUSE%20Manager%20Client%20Tools%2015-BETApkg:rpm/suse/spacewalk-client-tools&distro=SUSE%20Manager%20Client%20Tools%2012pkg:rpm/suse/spacewalk-client-tools&distro=SUSE%20Manager%20Client%20Tools%2015pkg:rpm/suse/spacewalk-client-tools&distro=SUSE%20Manager%20Client%20Tools%2015-BETApkg:rpm/suse/spacewalk-koan&distro=SUSE%20Manager%20Client%20Tools%2012pkg:rpm/suse/spacewalk-koan&distro=SUSE%20Manager%20Client%20Tools%2015pkg:rpm/suse/spacewalk-oscap&distro=SUSE%20Manager%20Client%20Tools%2012pkg:rpm/suse/spacewalk-oscap&distro=SUSE%20Manager%20Client%20Tools%2015pkg:rpm/suse/spacewalk-remote-utils&distro=SUSE%20Manager%20Client%20Tools%2012pkg:rpm/suse/supportutils-plugin-salt&distro=SUSE%20Manager%20Client%20Tools%2012pkg:rpm/suse/supportutils-plugin-salt&distro=SUSE%20Manager%20Client%20Tools%2012-BETApkg:rpm/suse/supportutils-plugin-salt&distro=SUSE%20Manager%20Client%20Tools%2015-BETApkg:rpm/suse/supportutils-plugin-susemanager-client&distro=SUSE%20Manager%20Client%20Tools%2012pkg:rpm/suse/supportutils-plugin-susemanager-client&distro=SUSE%20Manager%20Client%20Tools%2012-BETApkg:rpm/suse/supportutils-plugin-susemanager-client&distro=SUSE%20Manager%20Client%20Tools%2015-BETApkg:rpm/suse/suseRegisterInfo&distro=SUSE%20Manager%20Client%20Tools%2012pkg:rpm/suse/suseRegisterInfo&distro=SUSE%20Manager%20Client%20Tools%2015pkg:rpm/suse/system-user-grafana&distro=SUSE%20Manager%20Client%20Tools%2012-BETApkg:rpm/suse/system-user-prometheus&distro=SUSE%20Manager%20Client%20Tools%2012-BETApkg:rpm/suse/uyuni-common-libs&distro=SUSE%20Manager%20Client%20Tools%2012pkg:rpm/suse/uyuni-common-libs&distro=SUSE%20Manager%20Client%20Tools%2012-BETApkg:rpm/suse/uyuni-common-libs&distro=SUSE%20Manager%20Client%20Tools%2015-BETApkg:rpm/suse/uyuni-proxy-systemd-services&distro=SUSE%20Manager%20Client%20Tools%2015pkg:rpm/suse/uyuni-proxy-systemd-services&distro=SUSE%20Manager%20Client%20Tools%2015-BETApkg:rpm/suse/uyuni-proxy-systemd-services&distro=SUSE%20Manager%20Client%20Tools%20Beta%20for%20SLE%20Micro%205pkg:rpm/suse/uyuni-proxy-systemd-services&distro=SUSE%20Manager%20Client%20Tools%20for%20SLE%20Micro%205
< 111.16.0+ 134 more
- (no CPE)range: < 111.16.0
- (no CPE)range: < 0.1.1665997480.587fa10-150000.1.41.1
- (no CPE)range: < 0.1.1665997480.587fa10-150000.1.41.1
- (no CPE)range: < 1.6-150000.1.9.1
- (no CPE)range: < 1.6-150000.1.9.1
- (no CPE)range: < 0.13.0-150000.3.9.1
- (no CPE)range: < 0.13.0-150000.3.9.1
- (no CPE)range: < 8.3.5-150200.3.21.1
- (no CPE)range: < 8.3.5-150200.3.21.1
- (no CPE)range: < 8.3.4-1.1
- (no CPE)range: < 0.92.1-1.1
- (no CPE)range: < 1.1.1d-lp152.7.21.1
- (no CPE)range: < 1.1.1d-11.27.1
- (no CPE)range: < 1.1.1l-1.2
- (no CPE)range: < 0.19.0-150000.1.14.3
- (no CPE)range: < 0.10.0-150000.1.3.1
- (no CPE)range: < 4.2.6-150000.3.34.1
- (no CPE)range: < 4.2.16-150000.3.77.1
- (no CPE)range: < 4.3.16-150000.3.89.1
- (no CPE)range: < 0.5.0-150000.1.9.3
- (no CPE)range: < 2.9.27-159000.3.9.1
- (no CPE)range: < 0.1.1665997480.587fa10-150000.1.41.1
- (no CPE)range: < 0.1.1681904360.84ef141-159000.3.30.1
- (no CPE)range: < 0.1.1681904360.84ef141-159000.3.30.1
- (no CPE)range: < 0.1.1665997480.587fa10-150000.1.41.1
- (no CPE)range: < 1.6-1.9.1
- (no CPE)range: < 1.6-4.9.2
- (no CPE)range: < 1.6-150000.1.9.1
- (no CPE)range: < 1.6-159000.4.9.1
- (no CPE)range: < 1.6-150000.1.9.1
- (no CPE)range: < 1.6-150000.1.9.1
- (no CPE)range: < 1.0.0-4.12.4
- (no CPE)range: < 1.0.0-159000.4.12.1
- (no CPE)range: < 0.23.0-1.12.3
- (no CPE)range: < 0.26.0-4.12.4
- (no CPE)range: < 1.3.0-1.15.3
- (no CPE)range: < 1.3.0-1.15.3
- (no CPE)range: < 1.3.0-1.15.3
- (no CPE)range: < 1.3.0-1.15.3
- (no CPE)range: < 1.3.0-1.15.3
- (no CPE)range: < 1.3.0-1.15.3
- (no CPE)range: < 1.3.0-1.15.3
- (no CPE)range: < 1.3.0-1.15.3
- (no CPE)range: < 1.3.0-1.15.3
- (no CPE)range: < 1.5.0-4.15.4
- (no CPE)range: < 1.3.0-1.15.3
- (no CPE)range: < 1.3.0-1.15.3
- (no CPE)range: < 1.3.0-1.15.3
- (no CPE)range: < 1.3.0-1.15.3
- (no CPE)range: < 2.45.0-4.33.3
- (no CPE)range: < 2.45.0-159000.6.33.1
- (no CPE)range: < 0.14.0-4.12.2
- (no CPE)range: < 0.4.0-1.6.1
- (no CPE)range: < 0.4.0-4.6.2
- (no CPE)range: < 0.4.0-159000.4.6.1
- (no CPE)range: < 0.4.0-159000.4.6.1
- (no CPE)range: < 8.5.13-150100.3.12.1
- (no CPE)range: < 8.5.13-150200.3.29.5
- (no CPE)range: < 8.3.5-1.30.3
- (no CPE)range: < 9.5.8-4.21.2
- (no CPE)range: < 8.3.5-150000.1.30.1
- (no CPE)range: < 9.5.8-159000.4.24.1
- (no CPE)range: < 0.1.1687520761.cefb248-4.15.2
- (no CPE)range: < 4.3.6-1.27.4
- (no CPE)range: < 4.2.8-150000.1.24.1
- (no CPE)range: < 4.3.3-1.18.1
- (no CPE)range: < 4.3.4-1.32.3
- (no CPE)range: < 4.3.6-1.39.4
- (no CPE)range: < 4.2.8-150000.1.36.1
- (no CPE)range: < 4.3.4-1.21.4
- (no CPE)range: < 5.0.1-4.21.4
- (no CPE)range: < 4.2.5-150000.1.18.2
- (no CPE)range: < 5.0.1-159000.4.21.1
- (no CPE)range: < 4.3.5-1.29.3
- (no CPE)range: < 4.2.4-150000.1.26.1
- (no CPE)range: < 1.1.1d-11.27.1
- (no CPE)range: < 1.1.1d-11.27.1
- (no CPE)range: < 1.1.1d-11.27.1
- (no CPE)range: < 1.1.1d-2.36.2
- (no CPE)range: < 1.1.1d-2.36.2
- (no CPE)range: < 1.1.1d-2.36.2
- (no CPE)range: < 1.1.1d-2.36.2
- (no CPE)range: < 1.1.1d-2.36.2
- (no CPE)range: < 1.1.1d-2.36.2
- (no CPE)range: < 1.1.1d-2.36.2
- (no CPE)range: < 0.19.0-1.8.2
- (no CPE)range: < 0.24.0-3.6.3
- (no CPE)range: < 0.19.0-150000.1.14.3
- (no CPE)range: < 0.24.0-159000.3.6.1
- (no CPE)range: < 0.24.0-159000.3.6.1
- (no CPE)range: < 0.19.0-150000.1.14.3
- (no CPE)range: < 0.19.0-150000.1.14.3
- (no CPE)range: < 0.19.0-150000.1.14.3
- (no CPE)range: < 0.10.0-1.8.2
- (no CPE)range: < 0.10.1-3.6.4
- (no CPE)range: < 0.10.0-150000.1.3.1
- (no CPE)range: < 0.10.1-159000.3.6.1
- (no CPE)range: < 0.10.0-150000.1.3.1
- (no CPE)range: < 2.3.5-12.9.1
- (no CPE)range: < 2.3.5-15.12.2
- (no CPE)range: < 2.3.5-159000.5.13.1
- (no CPE)range: < 6.7.3-159000.3.6.1
- (no CPE)range: < 4.3.4-21.43.3
- (no CPE)range: < 5.0.1-24.30.3
- (no CPE)range: < 4.2.6-150000.3.34.1
- (no CPE)range: < 5.0.1-159000.6.30.1
- (no CPE)range: < 4.3.11-38.103.3
- (no CPE)range: < 5.0.1-41.42.3
- (no CPE)range: < 4.2.16-150000.3.77.1
- (no CPE)range: < 5.0.1-159000.6.42.1
- (no CPE)range: < 4.3.9-52.71.3
- (no CPE)range: < 4.2.18-150000.3.59.1
- (no CPE)range: < 5.0.1-159000.6.48.1
- (no CPE)range: < 4.3.5-24.33.3
- (no CPE)range: < 4.2.6-150000.3.27.1
- (no CPE)range: < 4.3.5-19.27.1
- (no CPE)range: < 4.2.4-150000.3.18.1
- (no CPE)range: < 4.3.3-24.24.3
- (no CPE)range: < 1.2.0-6.16.1
- (no CPE)range: < 1.2.2-9.9.2
- (no CPE)range: < 1.2.2-159000.5.9.1
- (no CPE)range: < 4.3.2-6.24.1
- (no CPE)range: < 5.0.1-9.15.2
- (no CPE)range: < 5.0.1-159000.6.15.1
- (no CPE)range: < 4.3.3-25.27.3
- (no CPE)range: < 4.2.6-150000.3.21.1
- (no CPE)range: < 1.0.0-3.7.2
- (no CPE)range: < 1.0.0-3.7.2
- (no CPE)range: < 4.3.4-1.21.3
- (no CPE)range: < 5.0.1-3.33.3
- (no CPE)range: < 5.0.1-159000.3.33.1
- (no CPE)range: < 4.3.7-150000.1.9.3
- (no CPE)range: < 5.0.1-159000.3.9.1
- (no CPE)range: < 5.0.1-159000.3.9.1
- (no CPE)range: < 4.3.7-150000.1.9.3
- Range: Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k)
Patches
Vulnerability mechanics
References
26- github.com/advisories/GHSA-5ww6-px42-wc85ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-3711ghsaADVISORY
- security.gentoo.org/glsa/202209-02ghsavendor-advisoryWEB
- security.gentoo.org/glsa/202210-02ghsavendor-advisoryWEB
- www.debian.org/security/2021/dsa-4963ghsavendor-advisoryWEB
- www.openwall.com/lists/oss-security/2021/08/26/2ghsamailing-listWEB
- cert-portal.siemens.com/productcert/pdf/ssa-389290.pdfghsaWEB
- git.openssl.org/gitweb/ghsaWEB
- git.openssl.org/gitweb/ghsaWEB
- lists.apache.org/thread.html/r18995de860f0e63635f3008fd2a6aca82394249476d21691e7c59c9e%40%3Cdev.tomcat.apache.org%3Eghsamailing-listWEB
- lists.apache.org/thread.html/r18995de860f0e63635f3008fd2a6aca82394249476d21691e7c59c9e@%3Cdev.tomcat.apache.org%3EghsaWEB
- lists.apache.org/thread.html/rad5d9f83f0d11fb3f8bb148d179b8a9ad7c6a17f18d70e5805a713d1%40%3Cdev.tomcat.apache.org%3Eghsamailing-listWEB
- lists.apache.org/thread.html/rad5d9f83f0d11fb3f8bb148d179b8a9ad7c6a17f18d70e5805a713d1@%3Cdev.tomcat.apache.org%3EghsaWEB
- rustsec.org/advisories/RUSTSEC-2021-0097.htmlghsaWEB
- security.netapp.com/advisory/ntap-20210827-0010ghsaWEB
- security.netapp.com/advisory/ntap-20211022-0003ghsaWEB
- security.netapp.com/advisory/ntap-20240621-0006ghsaWEB
- www.openssl.org/news/secadv/20210824.txtghsaWEB
- www.oracle.com/security-alerts/cpuapr2022.htmlghsaWEB
- www.oracle.com/security-alerts/cpujan2022.htmlghsaWEB
- www.oracle.com/security-alerts/cpuoct2021.htmlghsaWEB
- www.tenable.com/security/tns-2021-16ghsaWEB
- www.tenable.com/security/tns-2022-02ghsaWEB
- security.netapp.com/advisory/ntap-20210827-0010/mitre
- security.netapp.com/advisory/ntap-20211022-0003/mitre
- security.netapp.com/advisory/ntap-20240621-0006/mitre
News mentions
0No linked articles in our index yet.