canonical ubuntu-linux CVE-2021-3712 vulnerability in Canonical and Other Products
Published on August 24, 2021

Read buffer overruns processing ASN.1 strings

product logo product logo product logo product logo product logo product logo product logo product logo product logo
ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL's own "d2i" functions (and other similar parsing functions) as well as any string whose value has been set with the ASN1_STRING_set() function will additionally NUL terminate the byte array in the ASN1_STRING structure. However, it is possible for applications to directly construct valid ASN1_STRING structures which do not NUL terminate the byte array by directly setting the "data" and "length" fields in the ASN1_STRING array. This can also happen by using the ASN1_STRING_set0() function. Numerous OpenSSL functions that print ASN.1 data have been found to assume that the ASN1_STRING byte array will be NUL terminated, even though this is not guaranteed for strings that have been directly constructed. Where an application requests an ASN.1 structure to be printed, and where that ASN.1 structure contains ASN1_STRINGs that have been directly constructed by the application without NUL terminating the "data" field, then a read buffer overrun can occur. The same thing can also occur during name constraints processing of certificates (for example if a certificate has been directly constructed by the application instead of loading it via the OpenSSL parsing functions, and the certificate contains non NUL terminated ASN1_STRING structures). It can also occur in the X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions. If a malicious actor can cause an application to directly construct an ASN1_STRING and then process it through one of the affected OpenSSL functions then this issue could be hit. This might result in a crash (causing a Denial of Service attack). It could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext). Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). Fixed in OpenSSL 1.0.2za (Affected 1.0.2-1.0.2y).

Vendor Advisory Vendor Advisory Vendor Advisory NVD

Vulnerability Analysis

CVE-2021-3712 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity, and a high impact on availability.

Attack Vector:
NETWORK
Attack Complexity:
HIGH
Privileges Required:
NONE
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
NONE
Availability Impact:
HIGH

Weakness Type

Out-of-bounds Read

The software reads data past the end, or before the beginning, of the intended buffer. Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash. A crash can occur when the code reads a variable amount of data and assumes that a sentinel exists to stop the read operation, such as a NUL in a string. The expected sentinel might not be located in the out-of-bounds memory, causing excessive data to be read, leading to a segmentation fault or a buffer overflow. The software may modify an index or perform pointer arithmetic that references a memory location that is outside of the boundaries of the buffer. A subsequent read operation then produces undefined or unexpected results.


Products Associated with CVE-2021-3712

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2021-3712 are published in these products:

Canonical Ubuntu Linux
 
OpenSSL
 
Debian Linux
 
NetApp Clustered Data Ontap
 
NetApp Clustered Data Ontap Antivirus Connector
 
NetApp E Series Santricity Os Controller
 
NetApp Hci Management Node
 
NetApp Manageability Software Development Kit
 
NetApp Santricity Smi S Provider
 
NetApp Solidfire
 
NetApp Storage Encryption
 
McAfee Epolicy Orchestrator
 
Tenable Sc
 
Oracle Mysql Enterprise Monitor
 
Oracle MySQL
 
Oracle Mysql Workbench
 
Oracle Zfs Storage Appliance Kit
 
Tenable Nessus Network Monitor
 
Oracle Essbase
 
Oracle Mysql Connectors
 
Oracle Peoplesoft Enterprise Peopletools
 
Oracle Secure Backup
 
Siemens Sinec Infrastructure Network Services
 
Oracle Jd Edwards World Security
 
Oracle Enterprise Session Border Controller
 
Oracle Enterprise Communications Broker
 
Oracle Communications Session Border Controller
 
Oracle Communications Cloud Native Core Security Edge Protection Proxy
 
Oracle Communications Unified Session Manager
 
Oracle Jd Edwards Enterpriseone Tools
 
Oracle Health Sciences Inform Publisher
 
Oracle Communications Cloud Native Core Console
 
Oracle Communications Cloud Native Core Unified Data Repository
 
Oracle
 
Siemens Simatic Pcs Neo
 
Siemens Sinec Nms
 
Siemens Sinema Remote Connect Server
 
Siemens Sinema Server
 
Siemens Tia Administrator
 

Affected Versions

OpenSSL: Siemens BFCClient: Siemens Industrial Edge - Machine Insight App: Siemens Industrial Edge - PROFINET IO Connector: Siemens RUGGEDCOM RM1224 LTE(4G) EU: Siemens RUGGEDCOM RM1224 LTE(4G) NAM: Siemens RUGGEDCOM ROX MX5000: Siemens RUGGEDCOM ROX MX5000RE: Siemens RUGGEDCOM ROX RX1400: Siemens RUGGEDCOM ROX RX1500: Siemens RUGGEDCOM ROX RX1501: Siemens RUGGEDCOM ROX RX1510: Siemens RUGGEDCOM ROX RX1511: Siemens RUGGEDCOM ROX RX1512: Siemens RUGGEDCOM ROX RX1524: Siemens RUGGEDCOM ROX RX1536: Siemens RUGGEDCOM ROX RX5000: Siemens SCALANCE M804PB: Siemens SCALANCE M812-1 ADSL-Router: Siemens SCALANCE M812-1 ADSL-Router: Siemens SCALANCE M816-1 ADSL-Router: Siemens SCALANCE M816-1 ADSL-Router: Siemens SCALANCE M826-2 SHDSL-Router: Siemens SCALANCE M874-2: Siemens SCALANCE M874-3: Siemens SCALANCE M876-3: Siemens SCALANCE M876-3 (ROK): Siemens SCALANCE M876-4 (EU): Siemens SCALANCE M876-4 (NAM): Siemens SCALANCE MUM853-1 (EU): Siemens SCALANCE MUM856-1 (EU): Siemens SCALANCE MUM856-1 (RoW): Siemens SCALANCE S615 LAN-Router: Siemens SCALANCE SC622-2C: Siemens SCALANCE SC632-2C: Siemens SCALANCE SC636-2C: Siemens SCALANCE SC642-2C: Siemens SCALANCE SC646-2C: Siemens SCALANCE W1748-1 M12: Siemens SCALANCE W1748-1 M12: Siemens SCALANCE W1788-1 M12: Siemens SCALANCE W1788-2 EEC M12: Siemens SCALANCE W1788-2 M12: Siemens SCALANCE W1788-2IA M12: Siemens SCALANCE W721-1 RJ45: Siemens SCALANCE W721-1 RJ45: Siemens SCALANCE W721-1 RJ45: Siemens SCALANCE W721-1 RJ45: Siemens SCALANCE W722-1 RJ45: Siemens SCALANCE W722-1 RJ45: Siemens SCALANCE W722-1 RJ45: Siemens SCALANCE W722-1 RJ45: Siemens SCALANCE W722-1 RJ45: Siemens SCALANCE W722-1 RJ45: Siemens SCALANCE W734-1 RJ45: Siemens SCALANCE W734-1 RJ45: Siemens SCALANCE W734-1 RJ45: Siemens SCALANCE W734-1 RJ45: Siemens SCALANCE W734-1 RJ45: Siemens SCALANCE W734-1 RJ45: Siemens SCALANCE W734-1 RJ45 (USA): Siemens SCALANCE W734-1 RJ45 (USA): Siemens SCALANCE W738-1 M12: Siemens SCALANCE W738-1 M12: Siemens SCALANCE W738-1 M12: Siemens SCALANCE W738-1 M12: Siemens SCALANCE W748-1 M12: Siemens SCALANCE W748-1 M12: Siemens SCALANCE W748-1 M12: Siemens SCALANCE W748-1 M12: Siemens SCALANCE W748-1 RJ45: Siemens SCALANCE W748-1 RJ45: Siemens SCALANCE W748-1 RJ45: Siemens SCALANCE W748-1 RJ45: Siemens SCALANCE W761-1 RJ45: Siemens SCALANCE W761-1 RJ45: Siemens SCALANCE W761-1 RJ45: Siemens SCALANCE W761-1 RJ45: Siemens SCALANCE W774-1 M12 EEC: Siemens SCALANCE W774-1 M12 EEC: Siemens SCALANCE W774-1 M12 EEC: Siemens SCALANCE W774-1 M12 EEC: Siemens SCALANCE W774-1 RJ45: Siemens SCALANCE W774-1 RJ45: Siemens SCALANCE W774-1 RJ45: Siemens SCALANCE W774-1 RJ45: Siemens SCALANCE W774-1 RJ45: Siemens SCALANCE W774-1 RJ45: Siemens SCALANCE W774-1 RJ45: Siemens SCALANCE W774-1 RJ45: Siemens SCALANCE W774-1 RJ45 (USA): Siemens SCALANCE W774-1 RJ45 (USA): Siemens SCALANCE W778-1 M12: Siemens SCALANCE W778-1 M12: Siemens SCALANCE W778-1 M12: Siemens SCALANCE W778-1 M12: Siemens SCALANCE W778-1 M12 EEC: Siemens SCALANCE W778-1 M12 EEC: Siemens SCALANCE W778-1 M12 EEC (USA): Siemens SCALANCE W778-1 M12 EEC (USA): Siemens SCALANCE W786-1 RJ45: Siemens SCALANCE W786-1 RJ45: Siemens SCALANCE W786-1 RJ45: Siemens SCALANCE W786-1 RJ45: Siemens SCALANCE W786-2 RJ45: Siemens SCALANCE W786-2 RJ45: Siemens SCALANCE W786-2 RJ45: Siemens SCALANCE W786-2 RJ45: Siemens SCALANCE W786-2 RJ45: Siemens SCALANCE W786-2 RJ45: Siemens SCALANCE W786-2 SFP: Siemens SCALANCE W786-2 SFP: Siemens SCALANCE W786-2 SFP: Siemens SCALANCE W786-2 SFP: Siemens SCALANCE W786-2IA RJ45: Siemens SCALANCE W786-2IA RJ45: Siemens SCALANCE W786-2IA RJ45: Siemens SCALANCE W786-2IA RJ45: Siemens SCALANCE W788-1 M12: Siemens SCALANCE W788-1 M12: Siemens SCALANCE W788-1 M12: Siemens SCALANCE W788-1 M12: Siemens SCALANCE W788-1 RJ45: Siemens SCALANCE W788-1 RJ45: Siemens SCALANCE W788-1 RJ45: Siemens SCALANCE W788-1 RJ45: Siemens SCALANCE W788-2 M12: Siemens SCALANCE W788-2 M12: Siemens SCALANCE W788-2 M12: Siemens SCALANCE W788-2 M12: Siemens SCALANCE W788-2 M12 EEC: Siemens SCALANCE W788-2 M12 EEC: Siemens SCALANCE W788-2 M12 EEC: Siemens SCALANCE W788-2 M12 EEC: Siemens SCALANCE W788-2 M12 EEC: Siemens SCALANCE W788-2 M12 EEC: Siemens SCALANCE W788-2 RJ45: Siemens SCALANCE W788-2 RJ45: Siemens SCALANCE W788-2 RJ45: Siemens SCALANCE W788-2 RJ45: Siemens SCALANCE W788-2 RJ45: Siemens SCALANCE W788-2 RJ45: Siemens SCALANCE WAM766-1: Siemens SCALANCE WAM766-1 (US): Siemens SCALANCE WAM766-1 EEC: Siemens SCALANCE WAM766-1 EEC (US): Siemens SCALANCE WUM766-1: Siemens SCALANCE WUM766-1 (USA): Siemens SCALANCE X200-4P IRT: Siemens SCALANCE X201-3P IRT: Siemens SCALANCE X201-3P IRT PRO: Siemens SCALANCE X202-2IRT: Siemens SCALANCE X202-2P IRT: Siemens SCALANCE X202-2P IRT PRO: Siemens SCALANCE X204-2: Siemens SCALANCE X204-2FM: Siemens SCALANCE X204-2LD: Siemens SCALANCE X204-2LD TS: Siemens SCALANCE X204-2TS: Siemens SCALANCE X204IRT: Siemens SCALANCE X204IRT PRO: Siemens SCALANCE X206-1: Siemens SCALANCE X206-1LD: Siemens SCALANCE X208: Siemens SCALANCE X208PRO: Siemens SCALANCE X212-2: Siemens SCALANCE X212-2LD: Siemens SCALANCE X216: Siemens SCALANCE X224: Siemens SCALANCE X302-7 EEC (230V, coated): Siemens SCALANCE X302-7 EEC (230V): Siemens SCALANCE X302-7 EEC (24V, coated): Siemens SCALANCE X302-7 EEC (24V): Siemens SCALANCE X302-7 EEC (2x 230V, coated): Siemens SCALANCE X302-7 EEC (2x 230V): Siemens SCALANCE X302-7 EEC (2x 24V, coated): Siemens SCALANCE X302-7 EEC (2x 24V): Siemens SCALANCE X304-2FE: Siemens SCALANCE X306-1LD FE: Siemens SCALANCE X307-2 EEC (230V, coated): Siemens SCALANCE X307-2 EEC (230V): Siemens SCALANCE X307-2 EEC (24V, coated): Siemens SCALANCE X307-2 EEC (24V): Siemens SCALANCE X307-2 EEC (2x 230V, coated): Siemens SCALANCE X307-2 EEC (2x 230V): Siemens SCALANCE X307-2 EEC (2x 24V, coated): Siemens SCALANCE X307-2 EEC (2x 24V): Siemens SCALANCE X307-3: Siemens SCALANCE X307-3: Siemens SCALANCE X307-3LD: Siemens SCALANCE X307-3LD: Siemens SCALANCE X308-2: Siemens SCALANCE X308-2: Siemens SCALANCE X308-2LD: Siemens SCALANCE X308-2LD: Siemens SCALANCE X308-2LH: Siemens SCALANCE X308-2LH: Siemens SCALANCE X308-2LH+: Siemens SCALANCE X308-2LH+: Siemens SCALANCE X308-2M: Siemens SCALANCE X308-2M: Siemens SCALANCE X308-2M PoE: Siemens SCALANCE X308-2M PoE: Siemens SCALANCE X308-2M TS: Siemens SCALANCE X308-2M TS: Siemens SCALANCE X310: Siemens SCALANCE X310: Siemens SCALANCE X310FE: Siemens SCALANCE X310FE: Siemens SCALANCE X320-1 FE: Siemens SCALANCE X320-1-2LD FE: Siemens SCALANCE X408-2: Siemens SCALANCE XF201-3P IRT: Siemens SCALANCE XF202-2P IRT: Siemens SCALANCE XF204: Siemens SCALANCE XF204-2: Siemens SCALANCE XF204-2BA IRT: Siemens SCALANCE XF204IRT: Siemens SCALANCE XF206-1: Siemens SCALANCE XF208: Siemens SCALANCE XR324-12M (230V, ports on front): Siemens SCALANCE XR324-12M (230V, ports on front): Siemens SCALANCE XR324-12M (230V, ports on rear): Siemens SCALANCE XR324-12M (230V, ports on rear): Siemens SCALANCE XR324-12M (24V, ports on front): Siemens SCALANCE XR324-12M (24V, ports on front): Siemens SCALANCE XR324-12M (24V, ports on rear): Siemens SCALANCE XR324-12M (24V, ports on rear): Siemens SCALANCE XR324-12M TS (24V): Siemens SCALANCE XR324-12M TS (24V): Siemens SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front): Siemens SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front): Siemens SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear): Siemens SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear): Siemens SCALANCE XR324-4M EEC (24V, ports on front): Siemens SCALANCE XR324-4M EEC (24V, ports on front): Siemens SCALANCE XR324-4M EEC (24V, ports on rear): Siemens SCALANCE XR324-4M EEC (24V, ports on rear): Siemens SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front): Siemens SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front): Siemens SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear): Siemens SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear): Siemens SCALANCE XR324-4M EEC (2x 24V, ports on front): Siemens SCALANCE XR324-4M EEC (2x 24V, ports on front): Siemens SCALANCE XR324-4M EEC (2x 24V, ports on rear): Siemens SCALANCE XR324-4M EEC (2x 24V, ports on rear): Siemens SCALANCE XR324-4M PoE (230V, ports on front): Siemens SCALANCE XR324-4M PoE (230V, ports on rear): Siemens SCALANCE XR324-4M PoE (24V, ports on front): Siemens SCALANCE XR324-4M PoE (24V, ports on rear): Siemens SCALANCE XR324-4M PoE TS (24V, ports on front): Siemens SIMATIC CP 1242-7 V2: Siemens SIMATIC CP 1243-1: Siemens SIMATIC CP 1243-7 LTE EU: Siemens SIMATIC CP 1243-7 LTE US: Siemens SIMATIC CP 1243-8 IRC: Siemens SIMATIC CP 1542SP-1: Siemens SIMATIC CP 1543-1: Siemens SIMATIC CP 1543SP-1: Siemens SIMATIC CP 1545-1: Siemens SIMATIC PCS neo (Administration Console): Siemens SIMATIC Process Historian OPC UA Server: Siemens SIMATIC S7-1200 CPU 1211C AC/DC/Rly: Siemens SIMATIC S7-1200 CPU 1211C DC/DC/DC: Siemens SIMATIC S7-1200 CPU 1211C DC/DC/Rly: Siemens SIMATIC S7-1200 CPU 1212C AC/DC/Rly: Siemens SIMATIC S7-1200 CPU 1212C DC/DC/DC: Siemens SIMATIC S7-1200 CPU 1212C DC/DC/Rly: Siemens SIMATIC S7-1200 CPU 1212FC DC/DC/DC: Siemens SIMATIC S7-1200 CPU 1212FC DC/DC/Rly: Siemens SIMATIC S7-1200 CPU 1214C AC/DC/Rly: Siemens SIMATIC S7-1200 CPU 1214C DC/DC/DC: Siemens SIMATIC S7-1200 CPU 1214C DC/DC/Rly: Siemens SIMATIC S7-1200 CPU 1214FC DC/DC/DC: Siemens SIMATIC S7-1200 CPU 1214FC DC/DC/Rly: Siemens SIMATIC S7-1200 CPU 1215C AC/DC/Rly: Siemens SIMATIC S7-1200 CPU 1215C DC/DC/DC: Siemens SIMATIC S7-1200 CPU 1215C DC/DC/Rly: Siemens SIMATIC S7-1200 CPU 1215FC DC/DC/DC: Siemens SIMATIC S7-1200 CPU 1215FC DC/DC/Rly: Siemens SIMATIC S7-1200 CPU 1217C DC/DC/DC: Siemens SINEC NMS: Siemens SINEMA Remote Connect Server: Siemens SINEMA Server V14: Siemens SINUMERIK Operate: Siemens SIPLUS ET 200SP CP 1543SP-1 ISEC: Siemens SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL: Siemens SIPLUS NET CP 1242-7 V2: Siemens SIPLUS NET CP 1543-1: Siemens SIPLUS NET SCALANCE X308-2: Siemens SIPLUS S7-1200 CP 1243-1: Siemens SIPLUS S7-1200 CP 1243-1 RAIL: Siemens SIPLUS S7-1200 CPU 1212 AC/DC/RLY: Siemens SIPLUS S7-1200 CPU 1212 DC/DC/RLY: Siemens SIPLUS S7-1200 CPU 1212 DC/DC/RLY: Siemens SIPLUS S7-1200 CPU 1212C AC/DC/RLY: Siemens SIPLUS S7-1200 CPU 1212C DC/DC/DC: Siemens SIPLUS S7-1200 CPU 1212C DC/DC/DC: Siemens SIPLUS S7-1200 CPU 1212C DC/DC/DC RAIL: Siemens SIPLUS S7-1200 CPU 1214 AC/DC/RLY: Siemens SIPLUS S7-1200 CPU 1214 DC/DC/RLY: Siemens SIPLUS S7-1200 CPU 1214C AC/DC/RLY: Siemens SIPLUS S7-1200 CPU 1214C AC/DC/RLY: Siemens SIPLUS S7-1200 CPU 1214C DC/DC/DC: Siemens SIPLUS S7-1200 CPU 1214C DC/DC/DC: Siemens SIPLUS S7-1200 CPU 1214C DC/DC/DC: Siemens SIPLUS S7-1200 CPU 1214C DC/DC/DC RAIL: Siemens SIPLUS S7-1200 CPU 1214C DC/DC/RLY: Siemens SIPLUS S7-1200 CPU 1214C DC/DC/RLY: Siemens SIPLUS S7-1200 CPU 1214FC DC/DC/DC: Siemens SIPLUS S7-1200 CPU 1214FC DC/DC/RLY: Siemens SIPLUS S7-1200 CPU 1215 AC/DC/RLY: Siemens SIPLUS S7-1200 CPU 1215 AC/DC/RLY: Siemens SIPLUS S7-1200 CPU 1215 DC/DC/DC: Siemens SIPLUS S7-1200 CPU 1215 DC/DC/DC: Siemens SIPLUS S7-1200 CPU 1215 DC/DC/RLY: Siemens SIPLUS S7-1200 CPU 1215 DC/DC/RLY: Siemens SIPLUS S7-1200 CPU 1215 DC/DC/RLY: Siemens SIPLUS S7-1200 CPU 1215C AC/DC/RLY: Siemens SIPLUS S7-1200 CPU 1215C DC/DC/DC: Siemens SIPLUS S7-1200 CPU 1215FC DC/DC/DC: Siemens TIA Administrator:

Exploit Probability

EPSS
0.52%
Percentile
66.96%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.