what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 28 RSS Feed

CVE-2021-3712

Status Candidate

Overview

ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL's own "d2i" functions (and other similar parsing functions) as well as any string whose value has been set with the ASN1_STRING_set() function will additionally NUL terminate the byte array in the ASN1_STRING structure. However, it is possible for applications to directly construct valid ASN1_STRING structures which do not NUL terminate the byte array by directly setting the "data" and "length" fields in the ASN1_STRING array. This can also happen by using the ASN1_STRING_set0() function. Numerous OpenSSL functions that print ASN.1 data have been found to assume that the ASN1_STRING byte array will be NUL terminated, even though this is not guaranteed for strings that have been directly constructed. Where an application requests an ASN.1 structure to be printed, and where that ASN.1 structure contains ASN1_STRINGs that have been directly constructed by the application without NUL terminating the "data" field, then a read buffer overrun can occur. The same thing can also occur during name constraints processing of certificates (for example if a certificate has been directly constructed by the application instead of loading it via the OpenSSL parsing functions, and the certificate contains non NUL terminated ASN1_STRING structures). It can also occur in the X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions. If a malicious actor can cause an application to directly construct an ASN1_STRING and then process it through one of the affected OpenSSL functions then this issue could be hit. This might result in a crash (causing a Denial of Service attack). It could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext). Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). Fixed in OpenSSL 1.0.2za (Affected 1.0.2-1.0.2y).

Related Files

Gentoo Linux Security Advisory 202210-02
Posted Oct 17, 2022
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202210-2 - Multiple vulnerabilities have been discovered in OpenSSL, the worst of which could result in denial of service. Versions less than 1.1.1q are affected.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2020-1968, CVE-2021-3711, CVE-2021-3712, CVE-2021-4160, CVE-2022-0778, CVE-2022-1292, CVE-2022-1473, CVE-2022-2097
SHA-256 | e8a24ea6bd3d06d9f7c4b981793ddc01bf27c0b5de50f88e95ea9d23d62c2456
Gentoo Linux Security Advisory 202209-02
Posted Sep 7, 2022
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202209-2 - Multiple vulnerabilities have been discovered in IBM Spectrum Protect, the worst of which could result in arbitrary code execution. Versions less than 8.1.13.3 are affected.

tags | advisory, arbitrary, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2021-29672, CVE-2021-3711, CVE-2021-3712, CVE-2021-39048, CVE-2021-4104
SHA-256 | be748f02bbc511535db3f026a5b56af4cd94e4a83fb7d4e43682d8a39521bca2
Red Hat Security Advisory 2022-0577-01
Posted Mar 28, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0577-01 - Windows Container Support for Red Hat OpenShift allows you to deploy Windows container workloads running on Windows Server containers.

tags | advisory
systems | linux, redhat, windows
advisories | CVE-2020-28851, CVE-2020-28852, CVE-2021-29923, CVE-2021-3121, CVE-2021-31525, CVE-2021-33195, CVE-2021-33197, CVE-2021-33198, CVE-2021-34558, CVE-2021-3521, CVE-2021-36221, CVE-2021-3712, CVE-2021-42574, CVE-2022-24407
SHA-256 | 46a08de5d03a31ae3c0835a6727df01e33108a18746235e493a42ff7c3841cd4
Red Hat Security Advisory 2022-1051-01
Posted Mar 25, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-1051-01 - This version of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform versions 4.6, 4.7, 4.8, 4.9, and 4.10, includes security and bug fixes and enhancements. For more information, see the documentation listed in the References section.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-3521, CVE-2021-3712, CVE-2021-44716, CVE-2021-44717, CVE-2022-21248, CVE-2022-21277, CVE-2022-21282, CVE-2022-21283, CVE-2022-21291, CVE-2022-21293, CVE-2022-21294, CVE-2022-21296, CVE-2022-21299, CVE-2022-21305, CVE-2022-21340, CVE-2022-21341, CVE-2022-21360, CVE-2022-21365, CVE-2022-21366, CVE-2022-24407
SHA-256 | 2e0da9ea18b09e17e6e69fc9a2810e91ca82a2afeb79f59f84f8be4e4caa9768
Red Hat Security Advisory 2022-0595-02
Posted Mar 4, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0595-02 - Red Hat Advanced Cluster Management for Kubernetes 2.3.6 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. Issues addressed include an information leakage vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-25704, CVE-2020-36322, CVE-2021-20321, CVE-2021-23566, CVE-2021-3521, CVE-2021-3712, CVE-2021-3872, CVE-2021-3918, CVE-2021-3984, CVE-2021-4019, CVE-2021-4034, CVE-2021-4122, CVE-2021-4155, CVE-2021-4192, CVE-2021-4193, CVE-2021-42574, CVE-2021-42739, CVE-2021-43565, CVE-2022-0155, CVE-2022-0185, CVE-2022-20612, CVE-2022-20617
SHA-256 | 2598df9c773007328e30775692ba0a74b35fca2f6cdbd52f2b81faf7636ae67b
Red Hat Security Advisory 2022-0735-01
Posted Mar 4, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0735-01 - Red Hat Advanced Cluster Management for Kubernetes 2.4.2 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. Issues addressed include denial of service, open redirection, privilege escalation, and traversal vulnerabilities.

tags | advisory, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2021-22963, CVE-2021-3521, CVE-2021-3712, CVE-2021-3807, CVE-2021-3872, CVE-2021-3918, CVE-2021-3984, CVE-2021-4019, CVE-2021-4034, CVE-2021-41089, CVE-2021-41091, CVE-2021-4122, CVE-2021-4155, CVE-2021-4192, CVE-2021-4193, CVE-2021-42574, CVE-2021-43565, CVE-2021-43816, CVE-2021-43858, CVE-2022-0185, CVE-2022-0235, CVE-2022-24407, CVE-2022-24450
SHA-256 | 0f428578537f68dfaf14cf427f755f1edf5314f8b08ecb6c1be275b4a8bd343e
Red Hat Security Advisory 2022-0476-01
Posted Feb 9, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0476-01 - Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Issues addressed include a traversal vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-3521, CVE-2021-3712, CVE-2021-3872, CVE-2021-3984, CVE-2021-4019, CVE-2021-4122, CVE-2021-4192, CVE-2021-4193, CVE-2022-24348
SHA-256 | 929378052a3a411f8efbf9599d884f20c434cba232af8d52e55c49760a05849e
Red Hat Security Advisory 2022-0431-06
Posted Feb 4, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0431-06 - Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS). The updated image includes a bug fixes, security patches and new feature enhancements.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-29923, CVE-2021-3712, CVE-2021-42574
SHA-256 | 141890ea599d78e3dc568216578cb9ae701e774ab80404ed6c5b2fea5b1c6afc
Red Hat Security Advisory 2022-0163-01
Posted Jan 19, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0163-01 - The RHEL-8 based Cryostat container images have been updated with a security fix for "CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache". Users of RHEL-8 based Cryostat container images are advised to upgrade to these updated images, which contain backported patches to correct this security issue. Users of these images are also encouraged to rebuild all container images that depend on these images. You can find images updated by this advisory in Red Hat Ecosystem Catalog.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2021-3712, CVE-2021-44716
SHA-256 | 7118b2b2689f6eefb1b744c04b387a5f1b3a1a39a25ba507fc74bc6d87d5d81b
Red Hat Security Advisory 2022-0064-02
Posted Jan 12, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0064-02 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2021-3712
SHA-256 | 864bb2902300ac462339d439cb2ee5f229a9df235da8c7da659952dbcd2eb8bb
Red Hat Security Advisory 2022-0047-03
Posted Jan 10, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0047-03 - Openshift Logging Bug Fix Release. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2021-20321, CVE-2021-3712, CVE-2021-42574, CVE-2021-45105
SHA-256 | 75732aa539f8c93b32f7bd1b2b848d4871ecbdfe2368bcf7c6c0ccae796ed3ea
Red Hat Security Advisory 2022-0044-06
Posted Jan 10, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0044-06 - OpenShift Logging Bug Fix Release. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2020-36327, CVE-2021-20321, CVE-2021-3712, CVE-2021-42574, CVE-2021-45105
SHA-256 | c565c4389f96bbb112673b62c18246178afcc0355fc11d803be3172c0bf9bd68
Red Hat Security Advisory 2022-0043-03
Posted Jan 10, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0043-03 - Openshift Logging Bug Fix Release. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2021-20321, CVE-2021-3712, CVE-2021-42574, CVE-2021-45105
SHA-256 | d079fae8eb6ceb0252d08a240487c22383dcf81abdfd564e1d20dca27bc428a5
Red Hat Security Advisory 2022-0042-03
Posted Jan 10, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0042-03 - Openshift Logging Bug Fix Release. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2021-20321, CVE-2021-3712, CVE-2021-42574, CVE-2021-45105
SHA-256 | cfa0dd01e2a218c20f34cb015fcdf1836f9175ef7da664dff678a0cd546ea25f
Red Hat Security Advisory 2022-0034-01
Posted Jan 6, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0034-01 - Red Hat Single Sign-On 7.5 container images for IBM P/Z, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This is a security update Red Hat Single Sign-On 7.5, and includes one security fix.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2021-3712, CVE-2021-4133, CVE-2021-42574
SHA-256 | 899c5aede2bdbf0a841dfc7a5c2c675d9f354dca8bba0d2ae94074c90690b3b4
Red Hat Security Advisory 2022-0015-01
Posted Jan 5, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0015-01 - Red Hat Single Sign-On 7.5 container images, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This is a security update Red Hat Single Sign-On 7.5, and includes one security fix.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2021-3712, CVE-2021-4133, CVE-2021-42574
SHA-256 | 0575dadfa587229dd808830d0bc7c86a64e5a167c637b0efbf58646786a84e63
Red Hat Security Advisory 2021-5226-02
Posted Dec 21, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-5226-02 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2021-3712
SHA-256 | 341e8a384dadb1d9ed5570ab20fe9a231b6acd8061d1b1df4195235a823c2eba
Red Hat Security Advisory 2021-4618-01
Posted Nov 12, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-4618-01 - Red Hat Advanced Cluster Management for Kubernetes 2.4.0 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs and security issues. Issues addressed include buffer overflow, denial of service, information leakage, integer overflow, out of bounds read, and path sanitization vulnerabilities.

tags | advisory, denial of service, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2020-36385, CVE-2021-0512, CVE-2021-22922, CVE-2021-22923, CVE-2021-22924, CVE-2021-22946, CVE-2021-22947, CVE-2021-23017, CVE-2021-32626, CVE-2021-32627, CVE-2021-32628, CVE-2021-32672, CVE-2021-32675, CVE-2021-32687, CVE-2021-32690, CVE-2021-32803, CVE-2021-32804, CVE-2021-33623, CVE-2021-33928, CVE-2021-33929, CVE-2021-33930, CVE-2021-33938, CVE-2021-36222, CVE-2021-3656, CVE-2021-3711, CVE-2021-3712, CVE-2021-3733
SHA-256 | 14809d9261f291a519a153713fcca44c926124a2a48c8d989887911783dba47f
Red Hat Security Advisory 2021-4613-01
Posted Nov 11, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-4613-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release adds the new Apache HTTP Server 2.4.37 Service Pack 10 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 9 and includes bug fixes and enhancements. Issues addressed include buffer over-read, heap overflow, integer overflow, and null pointer vulnerabilities.

tags | advisory, web, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2019-17567, CVE-2019-20838, CVE-2020-13950, CVE-2020-14155, CVE-2020-35452, CVE-2021-23840, CVE-2021-23841, CVE-2021-26690, CVE-2021-26691, CVE-2021-30641, CVE-2021-3712
SHA-256 | 7b1e67d15601ddde3dd528384cac640b46e2736909b5819f946d6b03cc6bd6e6
Red Hat Security Advisory 2021-4614-01
Posted Nov 11, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-4614-01 - This release adds the new Apache HTTP Server 2.4.37 Service Pack 10 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 9 and includes bug fixes and enhancements. Issues addressed include buffer over-read, heap overflow, integer overflow, and null pointer vulnerabilities.

tags | advisory, web, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2019-17567, CVE-2019-20838, CVE-2020-13950, CVE-2020-14155, CVE-2020-35452, CVE-2021-23840, CVE-2021-23841, CVE-2021-26690, CVE-2021-26691, CVE-2021-30641, CVE-2021-3712
SHA-256 | a3555e355563c36eebdc4b92edb2589ad06f069ab31a4f11e8f540ccf0ec22b7
Ubuntu Security Notice USN-5088-1
Posted Sep 23, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5088-1 - It was discovered that EDK II incorrectly handled input validation in MdeModulePkg. A local user could possibly use this issue to cause EDK II to crash, resulting in a denial of service, obtain sensitive information or execute arbitrary code. Paul Kehrer discovered that OpenSSL used in EDK II incorrectly handled certain input lengths in EVP functions. An attacker could possibly use this issue to cause EDK II to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2019-11098, CVE-2021-23840, CVE-2021-3712, CVE-2021-38575
SHA-256 | 364506777cba9ac853135b7f75877b1504446feea3f08770e812fad58981b8b6
Ubuntu Security Notice USN-5051-4
Posted Sep 2, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5051-4 - USN-5051-2 introduced a regression in OpenSSL that affected only Ubuntu 14.04 ESM. This update fix the regression. Ingo Schwarze discovered that OpenSSL incorrectly handled certain ASN.1 strings. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly obtain sensitive information. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2021-3712
SHA-256 | 9b42e87779beae1cbad74c32c9184930d6aa117f9f5a4ab50072bf385278195a
Debian Security Advisory 4963-1
Posted Aug 28, 2021
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4963-1 - Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2021-3711, CVE-2021-3712
SHA-256 | 7f1c8fe693e955cee08270c3932882796ea0d36a94ccf9ffa0552f25e4502d26
Ubuntu Security Notice USN-5051-3
Posted Aug 26, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5051-3 - USN-5051-1 fixed a vulnerability in OpenSSL. This update provides the corresponding update for the openssl1.0 package in Ubuntu 18.04 LTS. Ingo Schwarze discovered that OpenSSL incorrectly handled certain ASN.1 strings. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly obtain sensitive information. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2021-3712
SHA-256 | 601aedb02dcb81703c8f8937728eed132e75664b1787c8dacac442483a1a66ef
Ubuntu Security Notice USN-5051-2
Posted Aug 26, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5051-2 - USN-5051-1 fixed a vulnerability in OpenSSL. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Ingo Schwarze discovered that OpenSSL incorrectly handled certain ASN.1 strings. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly obtain sensitive information. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2021-3712
SHA-256 | d608c60ee7f2610b9130e1d0027f1eeb33623ea36322fb9c087707f70f2a504b
Page 1 of 2
Back12Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close