SA-2023-122 – SM2 decryption code (CVE-2021-3711)

Extreme Networks Security Advisory

A bug in the SM2 decryption code can cause a buffer overflow when an application calls EVP_PKEY_decrypt() with an output buffer that is too small. An attacker could use the overflow to alter the contents of other data, potentially changing application behavior or causing a crash. The location of the buffer is application-dependent.
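
An added example, not code from this advisory or from OpenSSL: EVP_PKEY_decrypt() reports the required output size when it is called with a NULL output buffer, and the C code below checks that a decrypt call stays within the size it reported. `checked_decrypt`, `decrypt_fn`, `mock_decrypt`, `demo` and `GUARD_LEN` are hypothetical names, and the constructed mock stands in for the library call so the code runs without OpenSSL.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define GUARD_LEN 64   /* assumed slack after the buffer, not from the advisory */
/* Same calling convention as EVP_PKEY_decrypt(): out == NULL is a size query. */
typedef int (*decrypt_fn)(void *ctx, unsigned char *out, size_t *outlen,
                          const unsigned char *in, size_t inlen);

/* 1 = ok (*out is malloc'd), 0 = decrypt failed, -1 = wrote past its size query */
int checked_decrypt(decrypt_fn fn, void *ctx, const unsigned char *in,
                    size_t inlen, unsigned char **out, size_t *outlen)
{
    size_t need = 0, got, i;
    unsigned char *buf;
    int rc;
    *out = NULL;
    if (fn(ctx, NULL, &need, in, inlen) <= 0 || need > SIZE_MAX - GUARD_LEN ||
        (buf = malloc(need + GUARD_LEN)) == NULL)
        return 0;
    memset(buf + need, 0xA5, GUARD_LEN);      /* canary region after the buffer */
    got = need;
    rc = fn(ctx, buf, &got, in, inlen) > 0;
    for (i = 0; i < GUARD_LEN; i++)
        if (got > need || buf[need + i] != 0xA5)
            rc = -1;                          /* the size query was too small */
    if (rc == 1) { *out = buf; *outlen = got; }
    else free(buf);
    return rc;
}

/* Constructed stand-in, not OpenSSL code: *ctx = bytes the query under-reports. */
static int mock_decrypt(void *ctx, unsigned char *out, size_t *outlen,
                        const unsigned char *in, size_t inlen)
{
    if (out != NULL) memcpy(out, in, inlen);  /* always writes inlen bytes */
    *outlen = out != NULL ? inlen : inlen - *(size_t *)ctx;
    return 1;
}

int demo(size_t short_by)   /* runs the check on a constructed 16-byte input */
{
    const unsigned char ct[16] = {1, 2, 3, 4};
    unsigned char *pt;
    size_t ptlen = 0;
    int rc = checked_decrypt(mock_decrypt, &short_by, ct, sizeof ct, &pt, &ptlen);
    free(pt);
    return rc;
}
```

With the constructed mock, `demo(0)` returns 1 and `demo(4)` returns -1. The check only contains an overrun that fits inside `GUARD_LEN`; it reports the mismatch and does not correct the library.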