PT-2021-4043 · Openssl+13
Ingo Schwarze
Published 2021-08-24 · Updated 2026-04-27
CVE-2021-3712
CVSS v3.1: 7.4 High
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
OpenSSL versions 1.1.1 through 1.1.1k
OpenSSL versions 1.0.2 through 1.0.2y
Description
The issue is related to the representation of ASN.1 strings within OpenSSL as an ASN1_STRING structure, which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings, which are represented as a buffer for the string data terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings parsed using OpenSSL's own "d2i" functions or set with the ASN1_STRING_set() function will additionally NUL terminate the byte array in the ASN1_STRING structure. However, it is possible for applications to directly construct valid ASN1_STRING structures that do not NUL terminate the byte array. Numerous OpenSSL functions that print ASN.1 data have been found to assume that the ASN1_STRING byte array will be NUL terminated, even though this is not guaranteed for strings that have been directly constructed. This can lead to a read buffer overrun, potentially resulting in a crash (causing a Denial of Service attack) or the disclosure of private memory contents (such as private keys or sensitive plaintext). The X509_get1_email(), X509_REQ_get1_email(), and X509_get1_ocsp() functions are also affected.
Recommendations
For OpenSSL versions 1.1.1 through 1.1.1k, update to version 1.1.1l or later.
For OpenSSL versions 1.0.2 through 1.0.2y, update to version 1.0.2za or later.
As a temporary workaround, consider disabling the use of directly constructed ASN1_STRING structures until a patch is available.
Restrict access to the affected OpenSSL functions to minimize the risk of exploitation.
Avoid using the ASN1_STRING_set0() function to construct ASN1_STRING structures until the issue is resolved.
Exploit
Fix
DoS
Out of bounds Read
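The description above (a length field beside a byte buffer, NUL-terminated only when the string came through d2i or ASN1_STRING_set()) and the recommendation about ASN1_STRING_set0() are illustrated by the following added C example, which is not code from the advisory or from OpenSSL. It uses a stand-in struct and stand-in function names (asn1_string_like, as_set, as_set0, as_to_cstr, as_print) that mirror the two OpenSSL construction paths and show the length-bounded access that printing code needs so that it never depends on a terminator being present.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for the two fields the advisory describes (buffer + length).
 * Illustrative only: not OpenSSL's ASN1_STRING; function names are
 * likewise stand-ins for the OpenSSL calls they mirror. */
typedef struct {
    int length;
    unsigned char *data;
} asn1_string_like;

/* Like ASN1_STRING_set(): copies len bytes and appends a NUL that is
 * not counted in length, so the buffer is safe for C string functions. */
static int as_set(asn1_string_like *s, const void *src, int len) {
    unsigned char *p = malloc((size_t)len + 1);
    if (p == NULL)
        return 0;
    memcpy(p, src, (size_t)len);
    p[len] = '\0';
    free(s->data);
    s->data = p;
    s->length = len;
    return 1;
}

/* Like ASN1_STRING_set0(): adopts the caller's buffer as-is. Nothing
 * guarantees a NUL at data[length], so consumers must bound by length. */
static void as_set0(asn1_string_like *s, unsigned char *buf, int len) {
    free(s->data);
    s->data = buf;
    s->length = len;
}

/* Length-bounded copy into a NUL-terminated C string. Returns the number
 * of bytes copied, or -1 when out cannot hold length bytes plus the NUL. */
static int as_to_cstr(const asn1_string_like *s, char *out, size_t outsz) {
    if (s->length < 0 || (size_t)s->length >= outsz)
        return -1;
    memcpy(out, s->data, (size_t)s->length);
    out[s->length] = '\0';
    return s->length;
}

/* Length-bounded print: "%.*s" stops after length bytes instead of
 * scanning for a NUL the way "%s" would (the pattern behind the bug). */
static int as_print(FILE *fp, const asn1_string_like *s) {
    return fprintf(fp, "%.*s", s->length, (const char *)s->data);
}
```

A string adopted through as_set0() with a buffer of exactly length bytes has no terminator anywhere, so as_to_cstr() and as_print() are the only safe ways to hand it to C string APIs.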
Affected Products
Alt Linux
Astra Linux
CentOS
Check Point Gaia
FreeBSD
HPE iLO
IBM AIX
Linux Mint
OpenSSL
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu