7.4
CVE-2021-3712
- EPSS 0.82%
- Published 24.08.2021 15:15:09
- Last modified 21.11.2024 06:22:13
- Source openssl-security@openssl.org
ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are represented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL's own "d2i" functions (and other similar parsing functions) as well as any string whose value has been set with the ASN1_STRING_set() function will additionally NUL terminate the byte array in the ASN1_STRING structure. However, it is possible for applications to directly construct valid ASN1_STRING structures which do not NUL terminate the byte array by directly setting the "data" and "length" fields in the ASN1_STRING array. This can also happen by using the ASN1_STRING_set0() function.

Numerous OpenSSL functions that print ASN.1 data have been found to assume that the ASN1_STRING byte array will be NUL terminated, even though this is not guaranteed for strings that have been directly constructed. Where an application requests an ASN.1 structure to be printed, and where that ASN.1 structure contains ASN1_STRINGs that have been directly constructed by the application without NUL terminating the "data" field, then a read buffer overrun can occur. The same thing can also occur during name constraints processing of certificates (for example if a certificate has been directly constructed by the application instead of loading it via the OpenSSL parsing functions, and the certificate contains non NUL terminated ASN1_STRING structures). It can also occur in the X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions.

If a malicious actor can cause an application to directly construct an ASN1_STRING and then process it through one of the affected OpenSSL functions then this issue could be hit. This might result in a crash (causing a Denial of Service attack). It could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext). Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). Fixed in OpenSSL 1.0.2za (Affected 1.0.2-1.0.2y).
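The difference between trusting the length field and scanning for a NUL byte can be shown without OpenSSL. The following C sketch is an added example, not code from OpenSSL or from the advisory: `demo_asn1_string`, `make_sample`, `cstring_len` and `bounded_copy` are hypothetical names, and the sample bytes are constructed so that the over-read stays inside one array.

```c
#include <stdio.h>
#include <string.h>

/* Simplified stand-in for OpenSSL's ASN1_STRING: only the two fields the
 * advisory names are modelled (assumption, not the real struct layout). */
typedef struct {
    int length;           /* number of valid bytes in data */
    unsigned char *data;  /* NOT guaranteed to be NUL terminated */
} demo_asn1_string;

/* Constructed sample: 16 bytes of string data directly followed by unrelated
 * bytes in the same array, so the over-read stays inside defined memory. */
static unsigned char backing[] = "user@example.org" "ADJACENT-SECRET";

/* Directly constructed string: "data" and "length" are set by hand. */
demo_asn1_string make_sample(void)
{
    demo_asn1_string s = { 16, backing };
    return s;
}

/* Flawed pattern: treats data as a C string and scans for a NUL byte. */
size_t cstring_len(const demo_asn1_string *s)
{
    return strlen((const char *)s->data);
}

/* Bounded pattern: trusts only the length field and NUL terminates its own
 * copy. Returns bytes copied, or -1 if the output buffer is too small. */
int bounded_copy(const demo_asn1_string *s, char *out, size_t outlen)
{
    if (s->length < 0 || (size_t)s->length >= outlen)
        return -1;
    memcpy(out, s->data, (size_t)s->length);
    out[s->length] = '\0';
    return s->length;
}

int main(void)
{
    demo_asn1_string s = make_sample();
    char out[64];
    printf("length field: %d, strlen sees: %zu\n", s.length, cstring_len(&s));
    if (bounded_copy(&s, out, sizeof out) >= 0)
        printf("bounded copy: %s\n", out);
    /* "%.*s" bounds the read by the length field without copying */
    printf("precision-bounded: %.*s\n", s.length, (const char *)s.data);
    return 0;
}
```

In a real process the bytes after the string are whatever the allocator placed there, which is why the flawed pattern can crash or expose unrelated memory.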
Data provided by the National Vulnerability Database (NVD)
Debian ≫ Debian Linux Version 9.0
Debian ≫ Debian Linux Version 10.0
Debian ≫ Debian Linux Version 11.0
Netapp ≫ Clustered Data Ontap Version -
Netapp ≫ Clustered Data Ontap Antivirus Connector Version -
Netapp ≫ E-series Santricity Os Controller Version >= 11.0 <= 11.50.2
Netapp ≫ Hci Management Node Version -
Netapp ≫ Manageability Software Development Kit Version -
Netapp ≫ Santricity Smi-s Provider Version -
Netapp ≫ Storage Encryption Version -
Mcafee ≫ Epolicy Orchestrator Version < 5.10.0
Mcafee ≫ Epolicy Orchestrator Version 5.10.0 Update -
Mcafee ≫ Epolicy Orchestrator Version 5.10.0 Update update_1
Mcafee ≫ Epolicy Orchestrator Version 5.10.0 Update update_10
Mcafee ≫ Epolicy Orchestrator Version 5.10.0 Update update_2
Mcafee ≫ Epolicy Orchestrator Version 5.10.0 Update update_3
Mcafee ≫ Epolicy Orchestrator Version 5.10.0 Update update_4
Mcafee ≫ Epolicy Orchestrator Version 5.10.0 Update update_5
Mcafee ≫ Epolicy Orchestrator Version 5.10.0 Update update_6
Mcafee ≫ Epolicy Orchestrator Version 5.10.0 Update update_7
Mcafee ≫ Epolicy Orchestrator Version 5.10.0 Update update_8
Mcafee ≫ Epolicy Orchestrator Version 5.10.0 Update update_9
Tenable ≫ Nessus Network Monitor Version < 6.0.0
Tenable ≫ Tenable.Sc Version >= 5.16.0 <= 5.19.1
Oracle ≫ Mysql Connectors Version <= 8.0.27
Oracle ≫ Mysql Enterprise Monitor Version <= 8.0.25
Oracle ≫ Mysql Server Version >= 5.7.0 <= 5.7.35
Oracle ≫ Mysql Server Version >= 8.0.0 <= 8.0.26
Oracle ≫ Mysql Workbench Version <= 8.0.26
Oracle ≫ Peoplesoft Enterprise Peopletools Version 8.57
Oracle ≫ Peoplesoft Enterprise Peopletools Version 8.58
Oracle ≫ Peoplesoft Enterprise Peopletools Version 8.59
Oracle ≫ Secure Backup Version 18.1.0.1.0
Oracle ≫ Zfs Storage Appliance Kit Version 8.8
Siemens ≫ Sinec Infrastructure Network Services Version < 1.0.1.1
Oracle ≫ Communications Cloud Native Core Console Version 1.9.0
Oracle ≫ Communications Cloud Native Core Unified Data Repository Version 1.15.0
Oracle ≫ Communications Session Border Controller Version 8.4
Oracle ≫ Communications Session Border Controller Version 9.0
Oracle ≫ Communications Unified Session Manager Version 8.2.5
Oracle ≫ Communications Unified Session Manager Version 8.4.5
Oracle ≫ Enterprise Communications Broker Version 3.2.0
Oracle ≫ Enterprise Communications Broker Version 3.3.0
Oracle ≫ Enterprise Session Border Controller Version 8.4
Oracle ≫ Enterprise Session Border Controller Version 9.0
Oracle ≫ Health Sciences Inform Publisher Version 6.2.1.0
Oracle ≫ Health Sciences Inform Publisher Version 6.3.1.1
Oracle ≫ Jd Edwards Enterpriseone Tools Version < 9.2.6.3
Oracle ≫ Jd Edwards World Security Version a9.4
02.03.2023: CERT.at warning
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.82% | 0.737 |
Source | Base Score | Exploit Score | Impact Score | Vector String |
---|---|---|---|---|
nvd@nist.gov | 7.4 | 2.2 | 5.2 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H |
nvd@nist.gov | 5.8 | 8.6 | 4.9 | AV:N/AC:M/Au:N/C:P/I:N/A:P |
CWE-125 Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.