John Ouyang

**Name of the Vulnerable Software and Affected Versions** OpenSSL versions 1.1.1 through 1.1.1k **Description** The issue is related to a buffer overflow in the SM2 decryption code. When an application calls the `EVP PKEY decrypt()` function to decrypt SM2 encrypted data, a bug in the implementation can cause the calculation of the buffer size required to hold the plaintext to be smaller than the actual size required. This can lead to a buffer overflow when the function is called a second time with a buffer that is too small. A malicious attacker who can present SM2 content for decryption to an application could cause attacker-chosen data to overflow the buffer, altering the contents of other data held after the buffer, possibly changing application behavior or causing the application to crash. **Recommendations** For OpenSSL versions 1.1.1 through 1.1.1k, update to version 1.1.1l or later to fix the issue. As a temporary workaround, consider restricting the use of the `EVP PKEY decrypt()` function until a patch is available. Avoid using the `out` parameter with a non-NULL value in the second call to `EVP PKEY decrypt()` if the buffer size required to hold the plaintext is not properly calculated.