GHSA-5ww6-px42-wc85 · 深刻度: critical · エコシステム: rust — SM2 Decryption Buffer Overflow
In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with the buffer size required to hold the decrypted plaintext. The application can then allocate a sufficiently sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL value for the "out" parameter. A bug in the implementation of the SM2 decryption code means that the calculation of the buffer size required to hold the plaintext returned by the first call to EVP_PKEY_decrypt() can be smaller than the actual size required by the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is called by the application a second time with a buffer that is too small. A malicious attacker who is able present SM2 content for decryption to an application could cause attacker chosen data to overflow the buffer by up to a maximum of 62 bytes altering the contents of other data held after the buffer, possibly changing application behaviour or causing the application to crash. The location of the buffer is application dependent but is typically heap allocated. Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k).
総合評価: CVE-2021-3711 は高リスク(79.1/100)。CVSS 深刻度は重大。悪用される可能性が高い(EPSS 87.82%、100 パーセンタイル) 根拠: EPSS 上、短期間での悪用可能性は高い水準です。 直近 1 日で EPSS が +85.27% 上昇。悪用への関心が高まっている可能性があります。 推奨対応: 悪用可能性が高いため、影響範囲の確認と修補の優先付けを推奨します。
リスクは変動します。再評価に基づき、本ページの表示内容を更新しています。
EPSS は日次で悪用されやすさの相対度合いを推定します。パーセンタイルは採点済み CVE の中での相対位置(高いほど相対的に深刻)を示します。
| # | 日付 | 旧 EPSS スコア | 新 EPSS スコア | Δ(新 − 旧) |
|---|---|---|---|---|
| 1 | 2026-06-15 | 2.54% | 87.82% | +85.27% |
| 2 | 2026-05-24 | 2.37% | 2.54% | +0.17% |
| 3 | 2026-04-21 | — | 2.37% | — |
EPSS の全履歴 (全 89 件)
この CVE の CVSS 指標。
| ベーススコア | バージョン | 深刻度 | ベクトル | 悪用しやすさ | 影響 | スコアの出典 |
|---|---|---|---|---|---|---|
| 9.8 | 3.1 | CRITICAL |
|
3.9 | 5.9 | [email protected] |
| 7.5 | 2.0 | HIGH |
|
10.0 | 6.4 | [email protected] |
GHSA-5ww6-px42-wc85 · 深刻度: critical · エコシステム: rust — SM2 Decryption Buffer Overflow
| vendor | priority | summary | link |
|---|---|---|---|
alpine
|
critical | CVE-2021-3711: 3 source package rows (openssl, openssl1.1-compat, openssl3); 54 state rows across 12 repos (3.11-main, 3.12-main, 3.17-community, 3.17-main, 3.18-community, 3.18-main, 3.19-main, 3.20-main, 3.21-main, 3.22-main, edge-community, edge-main); fixed 14, open 40. | https://security.alpinelinux.org/vuln/CVE-2021-3711 |
debian
|
not yet assigned | CVE-2021-3711 not yet assigned priority: Debian including 1 source packages (openssl), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5. | https://security-tracker.debian.org/tracker/CVE-2021-3711 |
gentoo
|
normal | CVE-2021-3711: 2 GLSA(s) (202209-02, 202210-02), 2 atom(s) (app-backup/tsm, dev-libs/openssl); latest impact normal. | https://bugs.gentoo.org/buglist.cgi?quicksearch=CVE-2021-3711 |
redhat
|
high | — | https://access.redhat.com/security/cve/CVE-2021-3711 |
suse
|
critical | CVE-2021-3711 severity critical: SUSE including 469 source package names (0.21.0.3.2.10:libopenssl1_1-1.1.1d-11.27.1, 0.21.0.3.2.10:libopenssl1_1-hmac-1.1.1d-11.27.1, …), 931 product×package rows across 191 product lines (Container bci/bci-init, Container bci/dotnet-aspnet, … (191 product lines)): Fixed 457, Known Not Affected 326, Known Affected 148. | https://www.suse.com/security/cve/CVE-2021-3711/ |
ubuntu
|
high | CVE-2021-3711 high priority: Ubuntu including 4 source packages (edk2, nodejs, openssl, openssl1.0), 60 status rows across 15 suites (bionic, focal, hirsute, impish, jammy, kinetic, lunar, mantic, noble, oracular, plucky, questing, trusty, upstream, xenial): not-affected 30, DNE 14, released 13, needs-triage 3. | https://ubuntu.com/security/CVE-2021-3711 |
| ベンダー | 製品 | バージョン | 生の CPE |
|---|---|---|---|
| openssl | openssl | >= 1.1.1, < 1.1.1l | cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* |
| debian | debian_linux | 10.0 | cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* |
| debian | debian_linux | 11.0 | cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* |
| netapp | active_iq_unified_manager | — | cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:* |
| netapp | active_iq_unified_manager | — | cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:* |
| netapp | clustered_data_ontap | — | cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:* |
| netapp | clustered_data_ontap_antivirus_connector | — | cpe:2.3:a:netapp:clustered_data_ontap_antivirus_connector:-:*:*:*:*:*:*:* |
| netapp | e-series_santricity_os_controller | >= 11.0, <= 11.50.2 | cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:* |
| netapp | hci_management_node | — | cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:* |
| netapp | manageability_software_development_kit | — | cpe:2.3:a:netapp:manageability_software_development_kit:-:*:*:*:*:*:*:* |
| netapp | oncommand_insight | — | cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:* |
| netapp | oncommand_workflow_automation | — | cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:* |
| netapp | santricity_smi-s_provider | — | cpe:2.3:a:netapp:santricity_smi-s_provider:-:*:*:*:*:*:*:* |
| netapp | snapcenter | — | cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:* |
| netapp | solidfire | — | cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:* |
| netapp | storage_encryption | — | cpe:2.3:a:netapp:storage_encryption:-:*:*:*:*:*:*:* |
| oracle | communications_cloud_native_core_security_edge_protection_proxy | 1.7.0 | cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.7.0:*:*:*:*:*:*:* |
| oracle | communications_cloud_native_core_unified_data_repository | 1.15.0 | cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.15.0:*:*:*:*:*:*:* |
| oracle | communications_session_border_controller | 8.4 | cpe:2.3:a:oracle:communications_session_border_controller:8.4:*:*:*:*:*:*:* |
| oracle | communications_session_border_controller | 9.0 | cpe:2.3:a:oracle:communications_session_border_controller:9.0:*:*:*:*:*:*:* |
| oracle | communications_unified_session_manager | 8.2.5 | cpe:2.3:a:oracle:communications_unified_session_manager:8.2.5:*:*:*:*:*:*:* |
| oracle | communications_unified_session_manager | 8.4.5 | cpe:2.3:a:oracle:communications_unified_session_manager:8.4.5:*:*:*:*:*:*:* |
| oracle | enterprise_communications_broker | 3.2.0 | cpe:2.3:a:oracle:enterprise_communications_broker:3.2.0:*:*:*:*:*:*:* |
| oracle | enterprise_communications_broker | 3.3.0 | cpe:2.3:a:oracle:enterprise_communications_broker:3.3.0:*:*:*:*:*:*:* |
| oracle | enterprise_session_border_controller | 8.4 | cpe:2.3:a:oracle:enterprise_session_border_controller:8.4:*:*:*:*:*:*:* |
| oracle | enterprise_session_border_controller | 9.0 | cpe:2.3:a:oracle:enterprise_session_border_controller:9.0:*:*:*:*:*:*:* |
| oracle | essbase | < 11.1.2.4.47 | cpe:2.3:a:oracle:essbase:*:*:*:*:*:*:*:* |
| oracle | essbase | >= 21.1, < 21.3 | cpe:2.3:a:oracle:essbase:*:*:*:*:*:*:*:* |
| oracle | health_sciences_inform_publisher | 6.2.1.1 | cpe:2.3:a:oracle:health_sciences_inform_publisher:6.2.1.1:*:*:*:*:*:*:* |
| oracle | health_sciences_inform_publisher | 6.3.1.1 | cpe:2.3:a:oracle:health_sciences_inform_publisher:6.3.1.1:*:*:*:*:*:*:* |
| oracle | jd_edwards_enterpriseone_tools | < 9.2.6.3 | cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:* |
| oracle | jd_edwards_world_security | a9.4 | cpe:2.3:a:oracle:jd_edwards_world_security:a9.4:*:*:*:*:*:*:* |
| oracle | mysql_connectors | <= 8.0.27 | cpe:2.3:a:oracle:mysql_connectors:*:*:*:*:*:*:*:* |
| oracle | mysql_enterprise_monitor | <= 8.0.25 | cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:* |
| oracle | mysql_server | >= 5.7.0, <= 5.7.35 | cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:* |
| oracle | mysql_server | >= 8.0.0, <= 8.0.26 | cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:* |
| oracle | peoplesoft_enterprise_peopletools | 8.57 | cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:* |
| oracle | peoplesoft_enterprise_peopletools | 8.58 | cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:* |
| oracle | peoplesoft_enterprise_peopletools | 8.59 | cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:* |
| oracle | zfs_storage_appliance_kit | 8.8 | cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:* |
| tenable | nessus_network_monitor | <= 5.13.1 | cpe:2.3:a:tenable:nessus_network_monitor:*:*:*:*:*:*:*:* |
| tenable | tenable.sc | >= 5.16.0, <= 5.19.1 | cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:* |