HOMEVULNERABILITIESCVE-2021-3712
HIGH

CVE-2021-3712

CWE-125Published: August 24, 2021· Updated: Jun 17, 2026

7.4
CVSS v3.1

Official Description

ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL's own "d2i" functions (and other similar parsing functions) as well as any string whose value has been set with the ASN1_STRING_set() function will additionally NUL terminate the byte array in the ASN1_STRING structure. However, it is possible for applications to directly construct valid ASN1_STRING structures which do not NUL terminate the byte array by directly setting the "data" and "length" fields in the ASN1_STRING array. This can also happen by using the ASN1_STRING_set0() function. Numerous OpenSSL functions that print ASN.1 data have been found to assume that the ASN1_STRING byte array will be NUL terminated, even though this is not guaranteed for strings that have been directly constructed. Where an application requests an ASN.1 structure to be printed, and where that ASN.1 structure contains ASN1_STRINGs that have been directly constructed by the application without NUL terminating the "data" field, then a read buffer overrun can occur. The same thing can also occur during name constraints processing of certificates (for example if a certificate has been directly constructed by the application instead of loading it via the OpenSSL parsing functions, and the certificate contains non NUL terminated ASN1_STRING structures). It can also occur in the X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions. If a malicious actor can cause an application to directly construct an ASN1_STRING and then process it through one of the affected OpenSSL functions then this issue could be hit. This might result in a crash (causing a Denial of Service attack). It could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext). Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). Fixed in OpenSSL 1.0.2za (Affected 1.0.2-1.0.2y).

NVD Source

Technical Analysis

CVE-2021-3712 can be exploited remotely over the network without requiring physical or adjacent access, significantly expanding the attack surface for threat actors.

The vulnerability requires no privileges and no user interaction, making it a prime target for automated exploitation campaigns and worm-like propagation.

A successful exploit results in complete confidentiality breach (data exposure), availability disruption (denial of service), with a CVSS base score of 7.4.

CVSS v3.1 Vector Breakdown

Exploitability
Attack VectorNetwork
Attack ComplexityHigh
Privileges Req.None
User InteractionNone
ScopeUnchanged
Impact
ConfidentialityHigh
IntegrityNone
AvailabilityHigh
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H

Affected Vendors & Products

Debian1 product(s)
debian linux
mcafee1 product(s)
epolicy orchestrator
netapp8 product(s)
clustered data ontapclustered data ontap antivirus connectore-series santricity os controllerhci management nodemanageability software development kitsantricity smi-s providersolidfirestorage encryption
OpenSSL1 product(s)
openssl
Oracle18 product(s)
essbasemysql connectorsmysql enterprise monitormysql servermysql workbenchpeoplesoft enterprise peopletoolssecure backupzfs storage appliance kitcommunications cloud native core consolecommunications cloud native core security edge protection proxycommunications cloud native core unified data repositorycommunications session border controller+6
siemens1 product(s)
sinec infrastructure network services
tenable2 product(s)
nessus network monitortenable.sc
Source: NVD CPE · 43 total CPE entries

Exploit & PoC Resources

NO KNOWN EXPLOITNo public exploit confirmed at this time
External links open in a new tab. Always verify in a controlled environment before use.

Official Patches & Advisories

News & Research Mentioning CVE-2021-3712

Siemens SCALANCE
CISA Alerts· Apr 21, 2026

View CSAF Summary SCALANCE W-700 IEEE 802.11n family before V6.6.0 are affected by multiple vulnerabilities. Siemens has released a new version for SCALANCE W-700 IEEE 802.11n family and recommends to update to the latest version. The following versions of Siemens SCALANCE are affected: SCALANCE W721-1 RJ45 (6GK5721-1FC00-0AA0) vers:intdot/<6.6.0 (CVE-2020-24588, CVE-2020-26139, CVE-2020-26140, CVE-2020-26141, CVE-2020-26143, CVE-2020-26144, CVE-2020-26146, CVE-2020-26147, CVE-2021-3712, CVE-2022-0778, CVE-2022-31765, CVE-2022-36323, CVE-2022-36324, CVE-2022-36325, CVE-2023-44373) SCALANCE W721-1 RJ45 (6GK5721-1FC00-0AB0) vers:intdot/<6.6.0 (CVE-2020-24588, CVE-2020-26139, CVE-2020-26140, CVE-2020-26141, CVE-2020-26143, CVE-2020-26144, CVE-2020-26146 [xlite_meta score:63 src:CISA Alerts xlite_fp:97dcbf6085fea11c4ef39ae2fb1a0fa497a23c7dd709ebf0d40bfba60bdeefae]

All References (46)

Quick Facts

CVE IDCVE-2021-3712
CVSS Score7.4 / 10
SeverityHIGH
WeaknessCWE-125
CISA KEVNo
Affected7 vendor(s)
PublishedAug 24, 2021

Related CVEs (CWE-125)

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2021-3712 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.