CVE-2021-3712 Overview
CVE-2021-3712 is an Out-of-Bounds Read vulnerability affecting OpenSSL's handling of ASN.1 strings. The vulnerability stems from how OpenSSL represents ASN.1 strings internally using the ASN1_STRING structure, which contains a buffer holding string data and a length field. Unlike standard C strings that are NUL-terminated, ASN.1 strings constructed directly by applications may not include this termination byte. When OpenSSL functions that print ASN.1 data process these non-NUL-terminated strings, a read buffer overrun can occur, potentially leading to denial of service or disclosure of sensitive memory contents.
Critical Impact
This vulnerability can cause application crashes (Denial of Service) or leak private memory contents including private keys and sensitive plaintext data through out-of-bounds memory reads.
Affected Products
- OpenSSL 1.1.1 through 1.1.1k
- OpenSSL 1.0.2 through 1.0.2y
- Debian Linux 9.0, 10.0, 11.0
- NetApp Clustered Data ONTAP and related products
- McAfee ePolicy Orchestrator
- Tenable Nessus Network Monitor and Tenable.sc
- Oracle MySQL Server, MySQL Workbench, MySQL Connectors
- Oracle PeopleSoft Enterprise PeopleTools
- Oracle Communications products
- Siemens SINEC Infrastructure Network Services
Discovery Timeline
- August 24, 2021 - CVE-2021-3712 published to NVD
- November 21, 2024 - Last updated in NVD database
Technical Details for CVE-2021-3712
Vulnerability Analysis
The vulnerability exists in how OpenSSL handles ASN.1 string structures internally. The ASN1_STRING structure consists of a data buffer and a length field. When strings are parsed using OpenSSL's d2i functions or set via ASN1_STRING_set(), the byte array is additionally NUL-terminated as a safety measure. However, applications can directly construct ASN1_STRING structures by setting the "data" and "length" fields directly, or by using the ASN1_STRING_set0() function, without including a NUL terminator.
Multiple OpenSSL functions that print ASN.1 data incorrectly assume the byte array will always be NUL-terminated. When these functions process directly-constructed strings without proper termination, they continue reading beyond the intended buffer boundary, causing an out-of-bounds read condition. This can also occur during certificate name constraints processing when certificates are directly constructed by applications rather than loaded through OpenSSL parsing functions.
Root Cause
The root cause is a failure to properly validate buffer boundaries when processing ASN.1 string data. OpenSSL's printing functions assume NUL termination of the ASN1_STRING byte array, but this assumption is not enforced for strings constructed via ASN1_STRING_set0() or direct field manipulation. The affected functions include X509_get1_email(), X509_REQ_get1_email(), and X509_get1_ocsp(), as well as various ASN.1 printing routines that process certificate data.
Attack Vector
For an attacker to exploit this vulnerability, they must be able to cause an application to directly construct an ASN1_STRING structure and then process it through one of the affected OpenSSL functions. This could occur in scenarios where:
- An application accepts externally-provided data to construct certificate structures
- Custom certificate validation or processing logic directly manipulates ASN.1 strings
- Certificate name constraints processing operates on directly-constructed certificates
The vulnerability is exploitable over the network, though it requires specific application behaviors and attack complexity is considered high. Successful exploitation could result in a crash (Denial of Service) or disclosure of private memory contents such as private keys or sensitive plaintext data.
Detection Methods for CVE-2021-3712
Indicators of Compromise
- Unexpected application crashes in services utilizing OpenSSL for certificate processing
- Abnormal memory access patterns in processes handling X.509 certificates
- Unusual certificate parsing errors or malformed certificate warnings in application logs
- Evidence of memory disclosure in network traffic or application outputs
Detection Strategies
- Monitor for OpenSSL library versions between 1.0.2 and 1.0.2y, or 1.1.1 and 1.1.1k in deployed applications
- Implement application crash monitoring with stack trace analysis focusing on ASN.1 string handling functions
- Deploy memory safety tools (AddressSanitizer, Valgrind) in development and testing environments to detect out-of-bounds reads
- Review application code for direct construction of ASN1_STRING structures using ASN1_STRING_set0() or direct field assignment
Monitoring Recommendations
- Enable verbose logging for certificate processing operations in affected applications
- Monitor system memory usage for signs of information disclosure attacks
- Track process stability metrics for services using OpenSSL certificate handling
- Implement network traffic analysis to detect potential exfiltration of leaked memory data
How to Mitigate CVE-2021-3712
Immediate Actions Required
- Upgrade OpenSSL 1.1.1 to version 1.1.1l or later
- Upgrade OpenSSL 1.0.2 to version 1.0.2za or later (premium support customers)
- Apply vendor-specific patches for affected downstream products including Oracle, NetApp, McAfee, and Tenable products
- Review application code for direct ASN.1 string construction patterns that bypass standard parsing functions
Patch Information
OpenSSL has released fixed versions addressing this vulnerability. OpenSSL 1.1.1l contains the fix for the 1.1.1 branch, while OpenSSL 1.0.2za addresses the issue in the 1.0.2 branch. Multiple vendors have released corresponding patches:
- OpenSSL Security Advisory August 2021 - Official advisory with patch details
- Oracle Security Alert CPU April 2022 - Patches for Oracle products
- Debian Security Advisory DSA-4963 - Debian package updates
- NetApp Security Advisory ntap-20210827-0010 - NetApp product patches
Workarounds
- Ensure all certificates processed by applications are loaded through OpenSSL's standard parsing functions (d2i_*) rather than directly constructed
- Avoid using ASN1_STRING_set0() with externally-provided data; use ASN1_STRING_set() instead which adds NUL termination
- Implement input validation for any certificate data before processing through OpenSSL functions
- Consider implementing application-level boundary checks when processing certificate fields
# Check OpenSSL version on Linux systems
openssl version -a
# Update OpenSSL on Debian/Ubuntu
sudo apt-get update && sudo apt-get install openssl libssl1.1
# Update OpenSSL on RHEL/CentOS
sudo yum update openssl
# Verify updated version
openssl version
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
