OpenSSL.SM2.Decryption.sm2_plaintext_size.Buffer.Overflow
Description
This indicates an attack attempt to exploit a Buffer Overflow Vulnerability in OpenSSL Project OpenSSL.
The vulnerability is due to miscalculation of the outlen parameter used by EVP_PKEY_decrypt when decrypting SM2 encrypted data. A remote attacker could exploit the vulnerability by sending crafted packets to an application using OpenSSL API for SM2 decryption. Successful exploitation could result in denial of service conditions on the affected service.
Affected Products
OpenSSL Project OpenSSL prior to 1.1.1l
Impact
Denial of Service: Remote attackers can crash vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://www.openssl.org/news/secadv/20210824.txt
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |