OpenSSL 1.1.1l released with fixes for two vulnerabilities

A corrective release of the OpenSSL cryptographic library, 1.1.1l, is available and eliminates two vulnerabilities:

  • CVE-2021-3711 is a buffer overflow in the code implementing the SM2 cryptographic algorithm (common in China), which allows up to 62 bytes to be overwritten in the area beyond the buffer boundary because of an error in calculating the buffer size. An attacker can potentially achieve code execution or an application crash by passing specially crafted data for decryption to applications that use the EVP_PKEY_decrypt() function to decrypt SM2 data.
  • CVE-2021-3712 is a buffer overflow in the ASN.1 string handling code, which can lead to an application crash or disclose the contents of process memory (for example, to find keys stored in memory) if the attacker can create a string in the internal ASN1_STRING structure that is not terminated by a null character and have it processed by OpenSSL functions that print certificates, such as X509_aux_print(), X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp().
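
The CVE-2021-3712 failure mode, shown as an added example that is not code from OpenSSL or from the original article: `der_string` is a hypothetical stand-in for the length and data pair held in ASN1_STRING, and the sample bytes are constructed. `flawed_len()` runs on into neighbouring bytes because it searches for a NUL terminator, while `checked_copy()` relies only on the recorded length.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the (length, data) pair that ASN1_STRING carries. */
typedef struct {
    int length;                 /* number of valid bytes in data */
    const unsigned char *data;  /* NOT guaranteed to be NUL-terminated */
} der_string;

/* Constructed sample: a 7-byte e-mail field followed directly by unrelated
 * bytes, standing in for whatever sits next to the string in memory. */
static const unsigned char arena[] = "a@b.org" "ADJACENT-MEMORY";

/* Flawed pattern: treats data as a C string and ignores length. */
size_t flawed_len(const der_string *s)
{
    return strlen((const char *)s->data);
}

/* Hardened pattern: copy exactly length bytes, reject embedded NULs and
 * truncation, terminate the output ourselves. Returns bytes copied or -1. */
int checked_copy(const der_string *s, char *out, size_t outlen)
{
    if (s == NULL || s->data == NULL || s->length < 0 || out == NULL)
        return -1;
    if ((size_t)s->length >= outlen)
        return -1;                          /* no room for the terminator */
    if (memchr(s->data, '\0', (size_t)s->length) != NULL)
        return -1;                          /* embedded NUL: ambiguous as a C string */
    memcpy(out, s->data, (size_t)s->length);
    out[s->length] = '\0';
    return s->length;
}

int main(void)
{
    der_string email = { 7, arena };        /* only the first 7 bytes belong to the field */
    char buf[64];

    printf("flawed length:  %zu\n", flawed_len(&email));
    if (checked_copy(&email, buf, sizeof buf) >= 0)
        printf("checked output: %s\n", buf);
    return 0;
}
```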

At the same time, new versions of the LibreSSL library, 3.3.4 and 3.2.6, were released. They do not explicitly mention vulnerabilities, but judging by the list of changes, the CVE-2021-3712 vulnerability has been eliminated.

Source: opennet.ru
