Versions Affected : All versions prior to TrueNAS 12.0-U6


Description

There are two issues fixed in this security advisory: CVE-2021-3711 & CVE-2021-3712

CVE-2021-3711 : A bug in the SM2 decryption implementation incorrectly calculates the size of the buffer needed to hold the plaintext, leading to a potential buffer overflow.

CVE-2021-3712 : ASN1_STRING structures that are constructed directly, instead of through library functions, may not be NUL-terminated, which can cause library functions that assume a terminator to overrun the buffer on read.
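The CVE-2021-3712 bug class described above, as an added C example that is not code from OpenSSL or TrueNAS: `demo_string` and its two functions are hypothetical stand-ins for a length-plus-pointer string type, and the sample bytes are constructed. It shows a consumer that bounds every read by the stored length instead of assuming a terminator.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a length-delimited string such as ASN1_STRING
 * (this is not the real OpenSSL struct). */
typedef struct {
    int length;            /* number of valid bytes in data */
    unsigned char *data;   /* NOT guaranteed to be NUL-terminated */
} demo_string;

/* Setter in the style of a library function: copies len bytes and appends
 * a NUL, so strings built this way happen to be terminated. */
static int demo_string_set(demo_string *s, const void *src, int len) {
    if (len < 0) return 0;
    unsigned char *p = malloc((size_t)len + 1);
    if (p == NULL) return 0;
    memcpy(p, src, (size_t)len);
    p[len] = '\0';
    free(s->data);
    s->data = p;
    s->length = len;
    return 1;
}

/* Unsafe consumer pattern (shown only as a comment, never executed here):
 *     printf("%s", (char *)s->data);   or   strlen((char *)s->data);
 * On a directly constructed string this reads past data[length - 1]. */

/* Safe consumer: bounded by length, rejects embedded NULs, terminates out. */
static int demo_string_to_cstr(const demo_string *s, char *out, size_t outlen) {
    if (s == NULL || s->data == NULL || s->length < 0) return -1;
    if ((size_t)s->length >= outlen) return -1;   /* no room for terminator */
    if (memchr(s->data, '\0', (size_t)s->length)) return -1; /* embedded NUL */
    memcpy(out, s->data, (size_t)s->length);
    out[s->length] = '\0';
    return s->length;
}

int main(void) {
    /* Constructed sample: 4 valid bytes with no terminator, as direct
     * construction of the struct allows. */
    unsigned char raw[4] = { 'n', 'a', 's', '1' };
    demo_string direct = { 4, raw };
    char buf[16];
    int n = demo_string_to_cstr(&direct, buf, sizeof buf);
    printf("copied %d bytes: %s\n", n, n >= 0 ? buf : "(rejected)");
    return 0;
}
```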


Workaround

No workaround is available.


Mitigation

  • Upgrade to TrueNAS 12.0-U6 or later.

Commit


Further information