The bug, which has been assigned the identifier CVE-2021-3711, is a buffer overflow related to SM2 decryption.

"A malicious attacker who is able to present SM2 content for decryption to an application could cause attacker-chosen data to overflow the buffer by up to 62 bytes, thereby changing application behaviour or causing the application to crash. The buffer's location is application-dependent, but it's typically heap allocated," according to an advisory from the OpenSSL Project.

The changes an attacker could make, according to Matt Caswell of the OpenSSL Project, depend on the target application and the type of data it holds in the heap immediately after the overrun buffer. "Consider each type of information that an application might store in memory (e.g., financials, credentials, etc.) and consider what might happen if an attacker could alter it," he said.

The security flaw, discovered by John Ouyang, affects OpenSSL versions prior to 1.1.1.

Users of OpenSSL should also be aware of CVE-2021-3712, a medium-severity flaw that can be exploited to cause denial-of-service (DoS) attacks and possibly expose private memory contents, such as private keys. With the release of versions 1.1.1j and 1.0.2za, this issue has been resolved.

This year, five more OpenSSL flaws were disclosed, including two that were classified as being of high severity. Only three vulnerabilities in OpenSSL were discovered in 2020. Since the Heartbleed vulnerability was disclosed in 2014, the open source TLS library has improved significantly in terms of security, with only a few high-severity problems being found in recent years.