CVE-2021-3712

Out-of-bounds Read in conan/openssl

Identifier

CVE-2021-3712

Package Slug

conan/openssl

Vulnerability

Out-of-bounds Read

Description

If a malicious actor can cause an application to directly construct an ASN1_STRING and then process it through one of the affected OpenSSL functions, this issue could be hit. This might result in a crash (causing a Denial of Service attack). It could also result in the disclosure of private memory contents (such as private keys or sensitive plaintext).

Affected Versions

All versions starting from 1.0.2 before 1.0.2za, all versions starting from 1.1.1 before 1.1.1l
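
A check against the two ranges above, as an added example (not part of the advisory, OpenSSL or Conan tooling). It assumes Conan-style `openssl/<version>` references that carry the upstream letter-style version; the function names and the sample conanfile text are constructed for illustration.

```python
import re

# Ranges copied from the "Affected Versions" field: (first affected, first fixed).
AFFECTED_RANGES = [("1.0.2", "1.0.2za"), ("1.1.1", "1.1.1l")]

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)([a-z]*)$")
_REF_RE = re.compile(r"\bopenssl/([0-9][0-9a-z.]*)", re.IGNORECASE)

# Constructed sample input, not taken from any real project.
SAMPLE_CONANFILE = """\
[requires]
zlib/1.2.11
openssl/1.1.1k
"""


def parse_version(text):
    """Turn '1.0.2za' into a sortable key ((1, 0, 2), (2, 'za')).

    Pre-3.0 OpenSSL patch letters run a..z and then continue za, zb, ...,
    so suffixes order by length first and alphabetically second.
    """
    match = _VERSION_RE.match(text.strip().lower())
    if match is None:
        raise ValueError(f"not an OpenSSL letter-style version: {text!r}")
    major, minor, fix, letters = match.groups()
    return (int(major), int(minor), int(fix)), (len(letters), letters)


def is_affected(version):
    """True when version falls in one of the half-open affected ranges."""
    key = parse_version(version)
    return any(parse_version(lo) <= key < parse_version(hi)
               for lo, hi in AFFECTED_RANGES)


def affected_references(text):
    """Return the versions of openssl/<version> references that are affected."""
    hits = []
    for version in _REF_RE.findall(text):
        try:
            if is_affected(version):
                hits.append(version)
        except ValueError:
            continue  # not a plain letter-style version; needs manual review
    return hits
```

A plain string comparison would sort `1.0.2za` before `1.0.2z`, which is why the suffix is compared by length first.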

Solution

Upgrade to versions 1.1.0k, 1.1.1l or above.

Last Modified

2021-09-02
