OpenSSL 1.1.1l update fixes two vulnerabilities

A corrective release of the OpenSSL cryptographic library, 1.1.1l, is available and fixes two vulnerabilities:

  • CVE-2021-3711 is a buffer overflow in the code implementing the SM2 cryptographic algorithm (common in China). An error in calculating the buffer size allows up to 62 bytes to be written beyond the end of the buffer. An attacker could potentially achieve code execution or an application crash by passing specially crafted data to applications that use the EVP_PKEY_decrypt() function to decrypt SM2 data.
  • CVE-2021-3712 is a buffer overflow in the ASN.1 string processing code that can crash the application or disclose the contents of process memory (for example, to discover keys held in memory). It applies if an attacker can somehow form a string in the internal ASN1_STRING structure that is not terminated by a null character and have it processed by OpenSSL functions that print certificates, such as X509_aux_print(), X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp().
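The CVE-2021-3712 failure mode in miniature, as an added example that is not code from the original article or from OpenSSL. `counted_str` is a hypothetical stand-in for ASN1_STRING (bytes plus an explicit length), the sample buffer is constructed, and the block contrasts the C-string assumption with a length-bounded copy.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for ASN1_STRING: bytes plus an explicit length.
 * Nothing guarantees that data[length] is '\0'. */
struct counted_str {
    int length;
    const unsigned char *data;
};

/* Constructed sample: an 8-byte string field followed directly by
 * unrelated bytes, with no terminator in between. */
static const unsigned char sample_mem[] = "a@b.testSECRETKEY";

/* Unsafe pattern: treat the bytes as a C string and ignore length. */
size_t unsafe_len(const struct counted_str *s)
{
    return strlen((const char *)s->data);
}

/* Safe pattern: read exactly length bytes, then terminate the copy.
 * Returns bytes copied, or -1 on bad input, embedded NUL, or no room. */
int counted_to_cstr(const struct counted_str *s, char *out, size_t outlen)
{
    if (s == NULL || s->data == NULL || out == NULL || s->length < 0)
        return -1;
    if ((size_t)s->length >= outlen)   /* keep room for the terminator */
        return -1;
    if (memchr(s->data, '\0', (size_t)s->length) != NULL)
        return -1;                     /* would silently truncate later */
    memcpy(out, s->data, (size_t)s->length);
    out[s->length] = '\0';
    return s->length;
}

int main(void)
{
    struct counted_str s = { 8, sample_mem };
    char out[16];

    printf("strlen-based length: %zu (field is %d bytes)\n",
           unsafe_len(&s), s.length);
    if (counted_to_cstr(&s, out, sizeof out) == s.length)
        printf("bounded copy: \"%s\"\n", out);
    return 0;
}
```

In the sample, the strlen-based length runs past the 8-byte field into the adjacent bytes, while the bounded copy stops at the declared length.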

At the same time, new versions of the LibreSSL library, 3.3.4 and 3.2.6, were released. They do not explicitly mention vulnerabilities, but judging by the changelog, the CVE-2021-3712 vulnerability has been fixed.

Source: opennet.ru
