
CVE-2021-3711: OpenSSL SM2 Buffer Overflow Vulnerability

CVSS Score (3.1): 9.8

Basic Information

EPSS Score: 0.85711%
Published: 5/24/2022
Updated: 6/24/2024
KEV Status: No
Technology: Rust

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Package Name: openssl-src
Ecosystem: rust
Vulnerable Versions: < 111.16.0
First Patched Version: 111.16.0

Vulnerability Intelligence
Miggo AI Root Cause Analysis

The vulnerability stemmed from incorrect buffer size calculation in sm2_plaintext_size, which was called during the first EVP_PKEY_decrypt invocation. The function used cryptographic parameters rather than parsing actual ciphertext, leading to undersized allocations. pkey_sm2_decrypt facilitated this incorrect calculation by passing the wrong parameters. The patch fundamentally changes both the function signature and implementation to properly parse ciphertext structure.


WAF Protection Rules

WAF Rule

In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen
