Get a Quote   (408) 943-4100               TrueNAS Discord      VendOp_Icon_15x15px   Commercial Support

Versions Affected : All versions prior to TrueNAS 12.0-U6


There are two issues fixed in this security advisory: CVE-2021-3711 & CVE-2021-3712

CVE-2021-3711 : A bug in the SM2 decryption implementation incorrectly calculates a buffer needed to hold the plaintext leading to a potential buffer overflow. CVE-2021-3711 : ASN1_STRING structures directly constructed, instead of using library functions, may not be NULL-terminated resulting in library functions causing a read buffer overrun.


No workaround is available.


  • Upgrade to TrueNAS 12.0-U6 or later.


Further information