Severity
High
Analysis Summary
CVE-2021-3711
OpenSSL is vulnerable to a buffer overflow caused by improper bounds checking in the EVP_PKEY_decrypt() function within the implementation of SM2 decryption. By sending specially crafted SM2 content, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
Impact
- Unauthorized access
Affected Vendors
OpenSSL
Affected Products
- OpenSSL 1.1.1a
- OpenSSL 1.1.1b
- OpenSSL 1.1.1c
- OpenSSL 1.1.1d
- OpenSSL 1.1.1e
- OpenSSL 1.1.1f
- OpenSSL 1.1.1g
- OpenSSL 1.1.1h
- OpenSSL 1.1.1i
- OpenSSL 1.1.1j
- OpenSSL 1.1.1k
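To triage an inventory against the releases listed above, the following added example (not part of the original alert) parses OpenSSL version banners and groups hosts by whether the reported release is on this list. The host names and banners are constructed sample data, and the function names are hypothetical.

```python
import re

# Releases exactly as listed in this alert: 1.1.1a through 1.1.1k.
AFFECTED = {"1.1.1" + letter for letter in "abcdefghijk"}

# Version token in banners such as "OpenSSL 1.1.1k  25 Mar 2021" or
# "OpenSSL 1.1.1k-fips"; 3.x releases carry no letter suffix.
_BANNER = re.compile(r"\bOpenSSL\s+(\d+\.\d+\.\d+)([a-z]{0,2})(?![a-z])")


def classify(banner):
    """Return (status, version) for one version banner."""
    match = _BANNER.search(banner)
    if match is None:
        # Not an OpenSSL banner (for example another TLS library).
        return ("unparsed", None)
    version = match.group(1) + match.group(2)
    status = "listed-affected" if version in AFFECTED else "not-listed"
    return (status, version)


def triage(inventory):
    """Group (host, banner) pairs by status; returns {status: [(host, version)]}."""
    groups = {"listed-affected": [], "not-listed": [], "unparsed": []}
    for host, banner in inventory:
        status, version = classify(banner)
        groups[status].append((host, version))
    return groups


# Constructed sample inventory (hosts and banners are illustrative only).
SAMPLE_INVENTORY = [
    ("web-01", "OpenSSL 1.1.1f  31 Mar 2020"),
    ("web-02", "OpenSSL 1.1.1k-fips  25 Mar 2021"),
    ("api-01", "OpenSSL 1.1.1l  24 Aug 2021"),
    ("api-02", "OpenSSL 3.0.2 15 Mar 2022"),
    ("edge-01", "LibreSSL 3.3.6"),
]

if __name__ == "__main__":
    # A "listed-affected" banner is a lead, not proof: distribution packages
    # often backport fixes without changing the upstream version letter, so
    # confirm against the vendor's package changelog before closing the item.
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(status, hosts)
```

Banners can be collected with `openssl version` on each host, or from `ssl.OPENSSL_VERSION` for the library a Python runtime is linked against.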
Remediation
Refer to the OpenSSL Security Advisory for patch, upgrade, or suggested workaround information.