PT-2021-4042 · Openssl+8

John Ouyang · Published 2021-08-24 · Updated 2026-04-27 · CVE-2021-3711

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

OpenSSL versions 1.1.1 through 1.1.1k

Description

The issue is a buffer overflow in the SM2 decryption code. When an application calls the EVP_PKEY_decrypt() function to decrypt SM2 encrypted data, a bug in the implementation can cause the calculated size of the buffer required to hold the plaintext to be smaller than the size actually required. This can lead to a buffer overflow when the function is called a second time with a buffer that is too small. A malicious attacker who can present SM2 content for decryption to an application could cause attacker-chosen data to overflow the buffer, altering the contents of other data held after the buffer, possibly changing application behavior or causing the application to crash.

Recommendations

For OpenSSL versions 1.1.1 through 1.1.1k, update to version 1.1.1l or later to fix the issue. As a temporary workaround, consider restricting the use of the EVP_PKEY_decrypt() function until a patch is available. Avoid using the out parameter with a non-NULL value in the second call to EVP_PKEY_decrypt() if the buffer size required to hold the plaintext is not properly calculated.
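To apply the version range above across an inventory, the following added example (not part of the original advisory or of OpenSSL) classifies `openssl version` banner strings against the 1.1.1 through 1.1.1k range. The function names and the sample banners are assumptions constructed for illustration.

```python
import re

# Upstream range stated in this advisory: 1.1.1 through 1.1.1k, fixed in 1.1.1l.
AFFECTED_BRANCH = (1, 1, 1)
LAST_AFFECTED_LETTER = "k"

# Matches the first line of `openssl version`, e.g. "OpenSSL 1.1.1k  25 Mar 2021".
_BANNER_RE = re.compile(r"^OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]{0,2})(?:-fips)?(?:\s|$)")

def parse_banner(banner):
    """Return ((major, minor, patch), letter_suffix) or None if unrecognised."""
    m = _BANNER_RE.match(banner.strip())
    if m is None:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3))), m.group(4)

def _letter_rank(letter):
    # "" < "a" < ... < "z" < "za": shorter suffixes sort first, then alphabetically.
    return (len(letter), letter)

def in_affected_range(banner):
    """True/False for a recognised OpenSSL banner, None when it cannot be parsed."""
    parsed = parse_banner(banner)
    if parsed is None:
        return None
    numeric, letter = parsed
    if numeric != AFFECTED_BRANCH:
        return False  # other branches are outside the range this page lists
    return _letter_rank(letter) <= _letter_rank(LAST_AFFECTED_LETTER)

def triage(banners):
    """Map each banner to 'affected', 'not in range' or 'unknown'."""
    labels = {True: "affected", False: "not in range", None: "unknown"}
    return {b: labels[in_affected_range(b)] for b in banners}

# Constructed sample input: banner strings as collected from a host inventory.
SAMPLE_BANNERS = [
    "OpenSSL 1.1.1  11 Sep 2018",
    "OpenSSL 1.1.1k  25 Mar 2021",
    "OpenSSL 1.1.1k-fips  25 Mar 2021",
    "OpenSSL 1.1.1l  24 Aug 2021",
    "OpenSSL 3.0.2 15 Mar 2022",
    "LibreSSL 2.8.3",
]

if __name__ == "__main__":
    for banner, verdict in triage(SAMPLE_BANNERS).items():
        print(f"{verdict:13} {banner}")
```

Distribution packages often backport the fix without changing the upstream version letter, so an "affected" result on a distro build should be confirmed against that vendor's advisory from the Related Identifiers list.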

Exploit

Fix

DoS

Buffer Overflow


Weakness Enumeration

Related Identifiers

ALT-PU-2021-2615
ALT-PU-2021-2646
ALT-PU-2021-2686
ALT-PU-2021-2687
ALT-PU-2021-3241
ALT-PU-2022-2171
ALT-PU-2023-1912
AZL-6779
BDU:2021-04570
CVE-2021-3711
DSA-4963-1
FREEBSD-SA-21_16
GHSA-5WW6-PX42-WC85
JLSEC-2026-224
MGASA-2021-0429
MGASA-2022-0035
OESA-2021-1330
OPENSUSE-SU-2021:1188-1
OPENSUSE-SU-2021:2830-1
OPENSUSE-SU-2021_1188-1
OPENSUSE-SU-2021_2830-1
OPENSUSE-SU-2022_1396-1
OPENSUSE-SU-2022_4428-1
OPENSUSE-SU-2022_4437-1
OPENSUSE-SU-2024:11127-1
OPENSUSE-SU-2024:11816-1
OPENSUSE-SU-2025:15136-1
RUSTSEC-2021-0097
SUSE-FU-2022:1419-1
SUSE-SU-2021:2830-1
SUSE-SU-2021:2833-1
SUSE-SU-2021_2830-1
SUSE-SU-2021_2833-1
SUSE-SU-2022:0751-1
SUSE-SU-2022:1396-1
SUSE-SU-2022:2134-1
SUSE-SU-2022:3676-1
SUSE-SU-2022:4428-1
SUSE-SU-2022:4437-1
SUSE-SU-2022:4439-1
SUSE-SU-2024:0191-1
SUSE-SU-2024:0196-1
USN-5051-1
USN-5051-4

Affected Products

Alt Linux
Astra Linux
Freebsd
Linuxmint
Mysql Server
Openssl
Red Os
Suse
Ubuntu