CVE-2021-3711: OpenSSL SM2 Buffer Overflow Vulnerability

CVE-2021-3711 identifies a critical buffer overflow vulnerability in OpenSSL's SM2 decryption implementation that affects the EVP_PKEY_decrypt() API function in versions 1.1.1 through 1.1.1k. This vulnerability achieves a maximum CVSS score of 9.8 (Critical severity) with an EPSS score of 85.1 percentile and 2.6% exploitation probability, indicating extremely high risk for applications utilizing SM2 cryptographic operations. The vulnerability details reveal a calculation error in the SM2 decryption code where the first call to EVP_PKEY_decrypt() returns an incorrect buffer size requirement, causing subsequent calls with allocated buffers to overflow by up to 62 bytes when processing malicious SM2 encrypted content. This creates substantial exploit risk for applications implementing SM2 cryptography, particularly affecting systems using Chinese cryptographic standards, enterprise security applications, and cryptographic libraries that rely on OpenSSL's SM2 implementation for secure communications and data protection operations. The technical root cause lies in OpenSSL's flawed buffer size calculation logic within the SM2 decryption pathway, where the two-step decryption process incorrectly estimates memory requirements, creating a vector for known exploited vulnerabilities targeting cryptographic implementations. The vulnerability specifically affects the interaction between initial size calculation calls and subsequent decryption operations, where attackers can craft SM2 encrypted data to trigger heap buffer overflows that corrupt adjacent memory regions. With over 36 affected packages including golang-github-prometheus-node_exporter and libopenssl1_1-32bit, this vulnerability demonstrates widespread exposure across multiple programming environments and system components. The buffer overflow potential of up to 62 bytes enables attackers to alter application behavior, cause denial of service crashes, or potentially achieve code execution through heap manipulation. Mitigation steps require upgrading to OpenSSL version 1.1.1l which implements proper buffer size calculations for SM2 decryption operations, with OpenSSL 1.0.2 and OpenSSL 3.0 final releases being unaffected by this specific vulnerability. Organizations should prioritize identifying all applications and systems using vulnerable OpenSSL versions for SM2 operations, implement strict validation of SM2 encrypted input data, monitor cryptographic operations for anomalous behavior, and maintain updated CVE database records to track similar buffer management vulnerabilities that could compromise cryptographic library security through memory corruption attacks in encryption and decryption processing components.