A flaw was found in OpenSSL. A buffer size was miscalculated in OpenSSL's SM2 decryption function, allowing up to 62 arbitrary bytes to be written outside of the buffer. A remote attacker could use this flaw to crash an application supporting the SM2 signature or encryption algorithm or, possibly, execute arbitrary code with the permissions of the user running that application. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
OpenSSL packages shipped with Red Hat Enterprise Linux 8 are not compiled with support for the SM2 algorithm and are therefore not affected by this flaw. Packages shipped with Red Hat Enterprise Linux 7 and older do not support the SM2 algorithm.
Red Hat Advanced Cluster Management for Kubernetes 2.3.1 and previous versions use the vulnerable version of the OpenSSL library; however, the vulnerable code path is not reachable.