Wind River Security Vulnerability Notice: CVE-2021-3711 of openssl
Wind River Linux CD, Wind River Linux LTS 19, Wind River Linux LTS 18, Wind River Linux LTS 17, Wind River Linux LTS 21
CVE-2021-3711
SM2 Decryption Buffer Overflow.
In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with the buffer size required to hold the decrypted plaintext. The application can then allocate a sufficiently sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL value for the "out" parameter.
A bug in the implementation of the SM2 decryption code means that the calculation of the buffer size required to hold the plaintext returned by the first call to EVP_PKEY_decrypt() can be smaller than the actual size required by the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is called by the application a second time with a buffer that is too small.
A malicious attacker who is able to present SM2 content for decryption to an application could cause attacker-chosen data to overflow the buffer by up to a maximum of 62 bytes, altering the contents of other data held after the buffer, possibly changing application behaviour or causing the application to crash. The location of the buffer is application dependent but is typically heap allocated.
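The two-call pattern described above, wrapped so that the size returned by the first call is checked against what the second call actually does. This is an added example, not Wind River or OpenSSL code: guarded_decrypt, decrypt_fn and stub_decrypt are hypothetical names, stub_decrypt is a constructed stand-in for the library call, and the 62-byte guard comes from the maximum overrun stated above. It is a containment check and does not replace the source patches.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define GUARD  62    /* maximum overrun stated in the advisory */
#define CANARY 0xA5  /* arbitrary fill byte for the guard region */

/* Same parameter order as EVP_PKEY_decrypt(); ctx is opaque here (assumption). */
typedef int (*decrypt_fn)(void *ctx, unsigned char *out, size_t *outlen,
                          const unsigned char *in, size_t inlen);

/* Two-call decrypt into a buffer followed by a canary-filled guard region.
 * Returns 1 on success, 0 on ordinary failure, -1 if the second call wrote
 * or reported more than the first call asked for (output is discarded). */
int guarded_decrypt(decrypt_fn fn, void *ctx, const unsigned char *in,
                    size_t inlen, unsigned char **out, size_t *outlen)
{
    size_t need = 0, got, i;
    unsigned char *buf;
    int rc;
    *out = NULL; *outlen = 0;
    if (fn(ctx, NULL, &need, in, inlen) <= 0 || need > SIZE_MAX - GUARD)
        return 0;                                 /* call 1: size query */
    if ((buf = malloc(need + GUARD)) == NULL)
        return 0;
    memset(buf + need, CANARY, GUARD);
    got = need;
    rc = fn(ctx, buf, &got, in, inlen) > 0;       /* call 2: decrypt */
    if (got > need)
        rc = -1;                                  /* reported size grew */
    for (i = 0; i < GUARD; i++)
        if (buf[need + i] != CANARY)
            rc = -1;                              /* guard was written */
    if (rc != 1) { free(buf); return rc; }
    *out = buf;
    *outlen = got;
    return 1;
}

/* Constructed stand-in for the library call: copies input to output, but its
 * size query under-reports by *(size_t *)ctx bytes (keep that <= GUARD). */
int stub_decrypt(void *ctx, unsigned char *out, size_t *outlen,
                 const unsigned char *in, size_t inlen)
{
    size_t shortfall = *(size_t *)ctx;
    if (out != NULL) memcpy(out, in, inlen);
    *outlen = out ? inlen : inlen - shortfall;
    return 1;
}
```

With the real library, a small adapter that casts ctx back to EVP_PKEY_CTX * and calls EVP_PKEY_decrypt() takes the place of stub_decrypt. A return of -1 means memory past the requested size was touched, so the caller should discard the result and treat the input as hostile.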
Affected Wind River Linux releases:
For openssl, versions 1.1.1k and below are affected by this issue while openssl 1.0.2 is not impacted.
For WRLinux, Wind River Linux CD, Wind River Linux LTS 21, Wind River Linux LTS 19, Wind River Linux LTS 18 and Wind River Linux LTS 17 are affected by this issue. WRLinux-9 and earlier releases are not affected by it.
Affected software components:
openssl
Affected hardware:
These are pure software issues.
Mitigation
All WRLinux releases after WRLinux-9 are affected by this issue and need source patches to avoid it. For details, please contact our support team.
Additional References
https://nvd.nist.gov/vuln/detail/CVE-2021-3711
https://www.openssl.org/news/secadv/20210824.txt
Changelog
Please contact our support team for a detailed method to mitigate these CVE issues, or wait for our newest RCPL releases.