CVE-2021-3712
medium
CVSS v3
โ
CVSS v4 NEW
โ
VIR risk
5.5
Description
RHSA-2021:5226: openssl security update (Moderate)
Predictions
Exploit likelihood
30%
Patch ETA
โ
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
OS impact
SUSE Affected 1 release
| Version | Status | Fixed in |
|---|---|---|
| โ | Affected | โ |
Arch Fixed 1 release
| Version | Status | Fixed in |
|---|---|---|
| โ | Fixed | 1:1.1.1.l-1 |
Debian Fixed 5 releases
| Version | Status | Fixed in |
|---|---|---|
| trixie | Fixed | 1.1.1l-1 |
| sid | Fixed | 1.1.1l-1 |
| forky | Fixed | 1.1.1l-1 |
| bullseye | Fixed | 1.1.1k-1+deb11u1 |
| bookworm | Fixed | 1.1.1l-1 |
Red Hat Fixed 1 release
| Version | Status | Fixed in |
|---|---|---|
| 8 | Fixed | โ |
Rocky Linux Fixed 1 release
| Version | Status | Fixed in |
|---|---|---|
| 8 | Fixed | โ |
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| crates.io | openssl-src | | |
| crates.io | openssl-src | <111.16.0 | 111.16.0 |
| crates.io | openssl-src | >=0.0.0-0,<111.16.0 | 111.16.0 |
References
- https://www.openssl.org/news/secadv/20210824.txt
- https://www.suse.com/security/cve/CVE-2021-3712.html
- https://errata.rockylinux.org/RLSA-2021:5226
- https://nvd.nist.gov/vuln/detail/CVE-2021-3712
- https://www.tenable.com/security/tns-2022-02
- https://www.tenable.com/security/tns-2021-16
- https://www.oracle.com/security-alerts/cpuoct2021.html
- https://www.oracle.com/security-alerts/cpujan2022.html
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.openwall.com/lists/oss-security/2021/08/26/2
- https://www.debian.org/security/2021/dsa-4963
- https://security.netapp.com/advisory/ntap-20240621-0006
- https://security.netapp.com/advisory/ntap-20210827-0010
- https://security.gentoo.org/glsa/202210-02
- https://security.gentoo.org/glsa/202209-02
- https://rustsec.org/advisories/RUSTSEC-2021-0098.html
- https://lists.debian.org/debian-lts-announce/2021/09/msg00021.html
- https://lists.debian.org/debian-lts-announce/2021/09/msg00014.html
- https://lists.apache.org/thread.html/rad5d9f83f0d11fb3f8bb148d179b8a9ad7c6a17f18d70e5805a713d1@%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/rad5d9f83f0d11fb3f8bb148d179b8a9ad7c6a17f18d70e5805a713d1%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/r18995de860f0e63635f3008fd2a6aca82394249476d21691e7c59c9e@%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/r18995de860f0e63635f3008fd2a6aca82394249476d21691e7c59c9e%40%3Cdev.tomcat.apache.org%3E
- https://kc.mcafee.com/corporate/index?page=content&id=SB10366
- https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ccb0a11145ee72b042d10593a64eaf9e8a55ec12
- https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=94d23fcff9b2a7a8368dfe52214d5c2569882c11
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.