The bug, which has been assigned the identifier CVE-2021-3711, is a buffer overflow related to SM2 decryption. “A malicious attacker who is able to present SM2 content for decryption to an application could cause attacker-chosen data to overflow the buffer by up to 62 bytes, thereby changing application behaviour or causing the application to crash. The location of the buffer is application-dependent, but it is typically heap allocated,” according to an advisory from the OpenSSL Project.

The changes an attacker could make, according to Matt Caswell of the OpenSSL Project, depend on the target application and the type of data it holds in the heap immediately after the overrun buffer. “Consider each type of data that an application might store in memory (for example, financial data, credentials, etc.) and consider what might happen if an attacker could change it,” he said.

The security flaw, discovered by John Ouyang, affects OpenSSL versions prior to 1.1.1. OpenSSL users should also be aware of CVE-2021-3712, a medium-severity flaw that can be exploited to cause denial-of-service (DoS) attacks and possibly expose private memory contents, such as private keys. This issue has been resolved with the release of versions 1.1.1j and 1.0.2za.

This year, five more OpenSSL flaws were discovered, including two that were classified as high severity. Only three vulnerabilities in OpenSSL were found in 2020. Since the Heartbleed vulnerability was disclosed in 2014, the open source TLS library has improved significantly in terms of security, with only a few high-severity problems being found in recent years.
OpenSSL Project Announced: OpenSSL 1.1.1l Patches a High-Severity Vulnerability - Cybers Guards