CVE-2021-3712 | Read buffer overruns processing ASN.1 strings

ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL's own "d2i" functions (and other similar parsing functions) as well as any string whose value has been set with the ASN1_STRING_set() function will additionally NUL terminate the byte array in the ASN1_STRING structure. However, it is possible for applications to directly construct valid ASN1_STRING structures which do not NUL terminate the byte array by directly setting the "data" and "length" fields in the ASN1_STRING array. This can also happen by using the ASN1_STRING_set0() function. Numerous OpenSSL functions that print ASN.1 data have been found to assume that the ASN1_STRING byte array will be NUL terminated, even though this is not guaranteed for strings that have been directly constructed. Where an application requests an ASN.1 structure to be printed, and where that ASN.1 structure contains ASN1_STRINGs that have been directly constructed by the application without NUL terminating the "data" field, then a read buffer overrun can occur. The same thing can also occur during name constraints processing of certificates (for example if a certificate has been directly constructed by the application instead of loading it via the OpenSSL parsing functions, and the certificate contains non NUL terminated ASN1_STRING structures). It can also occur in the X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions. If a malicious actor can cause an application to directly construct an ASN1_STRING and then process it through one of the affected OpenSSL functions then this issue could be hit. This might result in a crash (causing a Denial of Service attack). It could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext). Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). Fixed in OpenSSL 1.0.2za (Affected 1.0.2-1.0.2y).

Published: 2021-08-24 Last update: 2026-04-16 Assigner: [email protected] Source: [email protected]
NVD Status:ModifiedCVE State: published
View at NVD, CVE.org, EUVD

CVE-2021-3712 is rated High Risk (69.2/100): CVSS High severity, with high exploitation likelihood (EPSS 50.44%, 99th percentile). EPSS ranks this CVE among the most likely to be exploited in the near term. EPSS rose +49.98% over the last day, indicating growing attacker interest. High exploitation likelihood—assess exposure and prioritize remediation.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2021-3712

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-06-15 0.46% 50.44% +49.98%
2 2026-04-26 0.41% 0.46% +0.05%
3 2026-04-22 0.41%

Full EPSS history (48 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2021-3712

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
7.4 3.1 HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H Click to expand
Attack vector (AV:N)
Could be attacked over the internet or any normal routed network—not just someone sitting at the machine.
Attack complexity (AC:H)
Even with access, the exploit needs extra luck, timing, or a fussy environment to actually work.
Privileges required (PR:N)
No account or special rights needed—anonymous or random user is enough.
User interaction (UI:N)
Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:U)
Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems.
Confidentiality (C:H)
Serious risk that confidential data gets exposed in a big way.
Integrity (I:N)
Data isn’t meaningfully altered or forged.
Availability (A:H)
Could take the service down hard or make it unusable for people who depend on it.
 2.2 5.2 [email protected]
7.4 3.1 HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H Click to expand
Attack vector (AV:N)
Could be attacked over the internet or any normal routed network—not just someone sitting at the machine.
Attack complexity (AC:H)
Even with access, the exploit needs extra luck, timing, or a fussy environment to actually work.
Privileges required (PR:N)
No account or special rights needed—anonymous or random user is enough.
User interaction (UI:N)
Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:U)
Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems.
Confidentiality (C:H)
Serious risk that confidential data gets exposed in a big way.
Integrity (I:N)
Data isn’t meaningfully altered or forged.
Availability (A:H)
Could take the service down hard or make it unusable for people who depend on it.
 2.2 5.2 134c704f-9b21-4f2e-91b3-4a467353bcc0
5.8 2.0 MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:P Click to expand
Access vector (AV:N)
Can be exploited remotely over network reachability.
Access complexity (AC:M)
Exploitation needs some favorable conditions, but not exceptional ones.
Authentication (AU:N)
No authentication is required.
Confidentiality impact (C:P)
Partial confidentiality impact.
Integrity impact (I:N)
No integrity impact.
Availability impact (A:P)
Partial availability impact.
 8.6 4.9 [email protected]

Weakness enumeration for CVE-2021-3712

GitHub Security Advisory for CVE-2021-3712

GHSA-q9wj-f4qw-6vfj · Severity: high · Ecosystem: rust — Read buffer overruns processing ASN.1 strings

OS Trackers for CVE-2021-3712

vendor priority summary link
alpine CVE-2021-3712: 3 source package rows (openssl, openssl1.1-compat, openssl3); 54 state rows across 12 repos (3.11-main, 3.12-main, 3.17-community, 3.17-main, 3.18-community, 3.18-main, 3.19-main, 3.20-main, 3.21-main, 3.22-main, edge-community, edge-main); fixed 14, open 40. https://security.alpinelinux.org/vuln/CVE-2021-3712
debian not yet assigned CVE-2021-3712 not yet assigned priority: Debian including 1 source packages (openssl), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5. https://security-tracker.debian.org/tracker/CVE-2021-3712
gentoo normal CVE-2021-3712: 2 GLSA(s) (202209-02, 202210-02), 2 atom(s) (app-backup/tsm, dev-libs/openssl); latest impact normal. https://bugs.gentoo.org/buglist.cgi?quicksearch=CVE-2021-3712
redhat medium https://access.redhat.com/security/cve/CVE-2021-3712
suse medium CVE-2021-3712 severity moderate: SUSE including 595 source package names (0.1.0:libopenssl1_1-1.1.0i-14.21.2, 0.1.75:libopenssl1_1-1.1.0i-14.21.2, …), 1177 product×package rows across 243 product lines (Container bci/bci-init, Container bci/dotnet-aspnet, … (243 product lines)): Fixed 973, Known Affected 142, Known Not Affected 62. https://www.suse.com/security/cve/CVE-2021-3712/
ubuntu medium CVE-2021-3712 medium priority: Ubuntu including 4 source packages (edk2, nodejs, openssl, openssl1.0), 60 status rows across 15 suites (bionic, focal, hirsute, impish, jammy, kinetic, lunar, mantic, noble, oracular, plucky, questing, trusty, upstream, xenial): not-affected 21, released 18, DNE 14, needs-triage 6, ignored 1. https://ubuntu.com/security/CVE-2021-3712

Affected software / configurations for CVE-2021-3712

Vendor Product Version Raw CPE
openssl openssl >= 1.0.2, < 1.0.2za cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*
openssl openssl >= 1.1.1, < 1.1.1l cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*
debian debian_linux 9.0 cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
debian debian_linux 10.0 cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
debian debian_linux 11.0 cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
netapp clustered_data_ontap cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*
netapp clustered_data_ontap_antivirus_connector cpe:2.3:a:netapp:clustered_data_ontap_antivirus_connector:-:*:*:*:*:*:*:*
netapp e-series_santricity_os_controller >= 11.0, <= 11.50.2 cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*
netapp hci_management_node cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
netapp manageability_software_development_kit cpe:2.3:a:netapp:manageability_software_development_kit:-:*:*:*:*:*:*:*
netapp santricity_smi-s_provider cpe:2.3:a:netapp:santricity_smi-s_provider:-:*:*:*:*:*:*:*
netapp solidfire cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*
netapp storage_encryption cpe:2.3:a:netapp:storage_encryption:-:*:*:*:*:*:*:*
mcafee epolicy_orchestrator < 5.10.0 cpe:2.3:a:mcafee:epolicy_orchestrator:*:*:*:*:*:*:*:*
mcafee epolicy_orchestrator 5.10.0 cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:-:*:*:*:*:*:*
mcafee epolicy_orchestrator 5.10.0 cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_1:*:*:*:*:*:*
mcafee epolicy_orchestrator 5.10.0 cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_10:*:*:*:*:*:*
mcafee epolicy_orchestrator 5.10.0 cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_2:*:*:*:*:*:*
mcafee epolicy_orchestrator 5.10.0 cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_3:*:*:*:*:*:*
mcafee epolicy_orchestrator 5.10.0 cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_4:*:*:*:*:*:*
mcafee epolicy_orchestrator 5.10.0 cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_5:*:*:*:*:*:*
mcafee epolicy_orchestrator 5.10.0 cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_6:*:*:*:*:*:*
mcafee epolicy_orchestrator 5.10.0 cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_7:*:*:*:*:*:*
mcafee epolicy_orchestrator 5.10.0 cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_8:*:*:*:*:*:*
mcafee epolicy_orchestrator 5.10.0 cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_9:*:*:*:*:*:*
tenable nessus_network_monitor < 6.0.0 cpe:2.3:a:tenable:nessus_network_monitor:*:*:*:*:*:*:*:*
tenable tenable.sc >= 5.16.0, <= 5.19.1 cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:*
oracle essbase < 11.1.2.4.047 cpe:2.3:a:oracle:essbase:*:*:*:*:*:*:*:*
oracle essbase >= 21.0, < 21.3 cpe:2.3:a:oracle:essbase:*:*:*:*:*:*:*:*
oracle essbase 21.3 cpe:2.3:a:oracle:essbase:21.3:*:*:*:*:*:*:*
oracle mysql_connectors <= 8.0.27 cpe:2.3:a:oracle:mysql_connectors:*:*:*:*:*:*:*:*
oracle mysql_enterprise_monitor <= 8.0.25 cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*
oracle mysql_server >= 5.7.0, <= 5.7.35 cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*
oracle mysql_server >= 8.0.0, <= 8.0.26 cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*
oracle mysql_workbench <= 8.0.26 cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:*
oracle peoplesoft_enterprise_peopletools 8.57 cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*
oracle peoplesoft_enterprise_peopletools 8.58 cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*
oracle peoplesoft_enterprise_peopletools 8.59 cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*
oracle secure_backup 18.1.0.1.0 cpe:2.3:a:oracle:secure_backup:18.1.0.1.0:*:*:*:*:*:*:*
oracle zfs_storage_appliance_kit 8.8 cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*
siemens sinec_infrastructure_network_services < 1.0.1.1 cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*
oracle communications_cloud_native_core_console 1.9.0 cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0:*:*:*:*:*:*:*
oracle communications_cloud_native_core_security_edge_protection_proxy 1.7.0 cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.7.0:*:*:*:*:*:*:*
oracle communications_cloud_native_core_unified_data_repository 1.15.0 cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.15.0:*:*:*:*:*:*:*
oracle communications_session_border_controller 8.4 cpe:2.3:a:oracle:communications_session_border_controller:8.4:*:*:*:*:*:*:*
oracle communications_session_border_controller 9.0 cpe:2.3:a:oracle:communications_session_border_controller:9.0:*:*:*:*:*:*:*
oracle communications_unified_session_manager 8.2.5 cpe:2.3:a:oracle:communications_unified_session_manager:8.2.5:*:*:*:*:*:*:*
oracle communications_unified_session_manager 8.4.5 cpe:2.3:a:oracle:communications_unified_session_manager:8.4.5:*:*:*:*:*:*:*
oracle enterprise_communications_broker 3.2.0 cpe:2.3:a:oracle:enterprise_communications_broker:3.2.0:*:*:*:*:*:*:*
oracle enterprise_communications_broker 3.3.0 cpe:2.3:a:oracle:enterprise_communications_broker:3.3.0:*:*:*:*:*:*:*
oracle enterprise_session_border_controller 8.4 cpe:2.3:a:oracle:enterprise_session_border_controller:8.4:*:*:*:*:*:*:*
oracle enterprise_session_border_controller 9.0 cpe:2.3:a:oracle:enterprise_session_border_controller:9.0:*:*:*:*:*:*:*
oracle health_sciences_inform_publisher 6.2.1.0 cpe:2.3:a:oracle:health_sciences_inform_publisher:6.2.1.0:*:*:*:*:*:*:*
oracle health_sciences_inform_publisher 6.3.1.1 cpe:2.3:a:oracle:health_sciences_inform_publisher:6.3.1.1:*:*:*:*:*:*:*
oracle jd_edwards_enterpriseone_tools < 9.2.6.3 cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*
oracle jd_edwards_world_security a9.4 cpe:2.3:a:oracle:jd_edwards_world_security:a9.4:*:*:*:*:*:*:*

References for CVE-2021-3712

URL Tags
http://www.openwall.com/lists/oss-security/2021/08/26/2 Mailing List Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-244969.pdf Patch Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf Patch Third Party Advisory
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=94d23fcff9b2a7a8368dfe52214d5c2569882c11
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ccb0a11145ee72b042d10593a64eaf9e8a55ec12
https://kc.mcafee.com/corporate/index?page=content&id=SB10366 Third Party Advisory
https://lists.apache.org/thread.html/r18995de860f0e63635f3008fd2a6aca82394249476d21691e7c59c9e%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rad5d9f83f0d11fb3f8bb148d179b8a9ad7c6a17f18d70e5805a713d1%40%3Cdev.tomcat.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/09/msg00014.html Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/09/msg00021.html Mailing List Third Party Advisory
https://security.gentoo.org/glsa/202209-02 Third Party Advisory
https://security.gentoo.org/glsa/202210-02 Third Party Advisory
https://security.netapp.com/advisory/ntap-20210827-0010/ Third Party Advisory
https://security.netapp.com/advisory/ntap-20240621-0006/
https://www.debian.org/security/2021/dsa-4963 Third Party Advisory
https://www.openssl.org/news/secadv/20210824.txt Vendor Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2022.html Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2021.html Patch Third Party Advisory
https://www.tenable.com/security/tns-2021-16 Third Party Advisory
https://www.tenable.com/security/tns-2022-02 Patch Third Party Advisory
https://cert-portal.siemens.com/productcert/html/ssa-019200.html
https://cert-portal.siemens.com/productcert/html/ssa-028723.html
https://cert-portal.siemens.com/productcert/html/ssa-244969.html
https://cert-portal.siemens.com/productcert/html/ssa-389290.html
cvelogic Threat Intelligence