Versions Affected : All versions prior to TrueNAS 12.0-U6
There are two issues fixed in this security advisory: CVE-2021-3711 & CVE-2021-3712
CVE-2021-3711 : A bug in the SM2 decryption implementation incorrectly calculates a buffer needed to hold the plaintext leading to a potential buffer overflow. CVE-2021-3711 : ASN1_STRING structures directly constructed, instead of using library functions, may not be NULL-terminated resulting in library functions causing a read buffer overrun.
No workaround is available.
- Upgrade to TrueNAS 12.0-U6 or later.
- FreeBSD Revision : r370396
- TrueNAS Commit : d3b76cc
- TrueNAS Commit : f4242bd
- JIRA Ticket : NAS-111999