John Ouyang discovered that OpenSSL incorrectly handled decrypting SM2 data. A remote attacker could use this issue to cause applications using OpenSSL to crash, resulting in a denial of service, or possibly change application behaviour. (CVE-2021-3711)
Ingo Schwarze discovered that OpenSSL incorrectly handled certain ASN.1 strings. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly obtain sensitive information. (CVE-2021-3712)
{ "availability": "No subscription required", "binaries": [ { "libssl-doc": "1.1.1-1ubuntu2.1~18.04.13", "libssl-dev": "1.1.1-1ubuntu2.1~18.04.13", "libssl1.1-dbgsym": "1.1.1-1ubuntu2.1~18.04.13", "libssl1.1-udeb": "1.1.1-1ubuntu2.1~18.04.13", "libssl1.1": "1.1.1-1ubuntu2.1~18.04.13", "openssl-dbgsym": "1.1.1-1ubuntu2.1~18.04.13", "libcrypto1.1-udeb": "1.1.1-1ubuntu2.1~18.04.13", "openssl": "1.1.1-1ubuntu2.1~18.04.13" } ] }
{ "availability": "No subscription required", "binaries": [ { "libssl-doc": "1.1.1f-1ubuntu2.8", "libssl-dev": "1.1.1f-1ubuntu2.8", "libssl1.1-dbgsym": "1.1.1f-1ubuntu2.8", "libssl1.1-udeb": "1.1.1f-1ubuntu2.8", "libssl1.1": "1.1.1f-1ubuntu2.8", "openssl-dbgsym": "1.1.1f-1ubuntu2.8", "libcrypto1.1-udeb": "1.1.1f-1ubuntu2.8", "openssl": "1.1.1f-1ubuntu2.8" } ] }